NEW QUESTION 1 
- (Topic 1) 
The Terminal Access Controller Access Control System (TACACS) employs which of the following? 


A. a user ID and static password for network access 

B. a user ID and dynamic password for network access 

C. a user ID and symmetric password for network access 
D. a user ID and asymmetric password for network access 


Answer: A 


Explanation: 
For networked applications, the Terminal Access Controller Access Control System (TACACS) employs a user ID and a static password for network access. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44. 


NEW QUESTION 2 
- (Topic 1) 
The type of discretionary access control (DAC) that is based on an individual's identity is also called: 


A. Identity-based Access control 

B. Rule-based Access control 

C. Non-Discretionary Access Control 
D. Lattice-based Access control 


Answer: A 


Explanation: 

An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity. 

DAC is suited to low-security environments. The owner of the file decides who has access to the file. 

If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header and/or in an access control matrix within the operating system. 

Ownership might also be granted to a specific individual. For example, a manager for a certain department might be made the owner of the files and resources within her department. A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific resources. 

This model is called discretionary because the control of access is based on the discretion of the owner. Many times department managers, or business unit managers, are the owners of the data within their specific department. Being the owner, they can specify who should have access and who should not. 
Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw- Hill . Kindle Edition. 


NEW QUESTION 3 
- (Topic 1) 
Which access control model achieves data integrity through well-formed transactions and separation of duties? 


A. Clark-Wilson model 

B. Biba model 

C. Non-interference model 
D. Sutherland model 


Answer: A 


Explanation: 

The Clark-Wilson model differs from other models that are subject- and object-oriented by introducing a third access element, programs, resulting in what is called an access triple (subject, program, object), which prevents unauthorized users from modifying data or programs. The Biba model uses objects and subjects and addresses integrity based on a hierarchical lattice of integrity levels. The non-interference model is related to the information flow model, with restrictions on the information flow. The Sutherland model approaches integrity by focusing on the problem of inference. 

Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 12). 

And: KRAUSE, Micki & TIPTON, Harold F., Handbook of Information Security Management, CRC Press, 1997, Domain 1: Access Control. 
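The access triple, well-formed transactions and separation of duties described in this answer, as an added Python example that is not part of this question bank or of the sources it cites. The ledger used as the constrained data item, the users alice, bob and carol, the invariant the IVP checks (money is conserved, no overdrafts) and the two-step initiate/approve transfer are all assumptions chosen to make the mechanics visible:

```python
# Clark-Wilson in miniature: a ledger as the constrained data item (CDI), an
# integrity verification procedure (IVP), transformation procedures (TPs) that
# are the only path to the CDI, access triples (user, TP, CDI) and separation
# of duties. Added example; all names and balances are made up.
import copy


class IntegrityError(Exception):
    """A TP was refused or would have left the CDI in an invalid state."""


class Ledger:
    """CDI: account balances plus transfers awaiting a second pair of eyes."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.expected_total = sum(self.balances.values())  # invariant: money is conserved
        self.pending = {}   # transfer id -> (src, dst, amount, initiator)
        self.log = []       # audit trail: (user, TP name, transfer id)
        self.seq = 0


def ivp(ledger):
    """IVP: the CDI is valid iff no money was created or destroyed and no
    account is overdrawn."""
    return (sum(ledger.balances.values()) == ledger.expected_total
            and all(v >= 0 for v in ledger.balances.values()))


def tp_initiate(ledger, user, src, dst, amount):
    """Well-formed transaction, step 1: record a transfer; move no money yet."""
    if amount <= 0 or dst not in ledger.balances or ledger.balances.get(src, 0) < amount:
        raise IntegrityError("rejected: invalid, unknown or unfunded transfer")
    ledger.seq += 1
    tid = f"T{ledger.seq}"
    ledger.pending[tid] = (src, dst, amount, user)
    ledger.log.append((user, "tp_initiate", tid))
    return tid


def tp_approve(ledger, user, tid):
    """Step 2: a second person approves; balances change atomically, and only
    after the IVP has been checked against the proposed new state."""
    src, dst, amount, initiator = ledger.pending[tid]
    if user == initiator:
        raise IntegrityError("separation of duties: the initiator may not approve")
    proposed = dict(ledger.balances)
    proposed[src] -= amount
    proposed[dst] += amount
    trial = copy.copy(ledger)
    trial.balances = proposed
    if not ivp(trial):
        raise IntegrityError("TP would violate the integrity invariant")
    ledger.balances = proposed
    del ledger.pending[tid]
    ledger.log.append((user, "tp_approve", tid))
    return tid


# Certified TPs and the access triples that bind users to them. Nobody is
# allowed to call tp_* directly; every request goes through run().
TPS = {"tp_initiate": tp_initiate, "tp_approve": tp_approve}
TRIPLES = {
    ("alice", "tp_initiate", "ledger"),
    ("bob", "tp_initiate", "ledger"),
    ("bob", "tp_approve", "ledger"),
    ("carol", "tp_approve", "ledger"),
}


def run(user, tp_name, ledger, *args):
    """Enforcement point: look up the (user, TP, CDI) triple, run the TP, then
    re-verify the CDI so a buggy TP cannot leave it inconsistent unnoticed."""
    if (user, tp_name, "ledger") not in TRIPLES:
        raise IntegrityError(f"no access triple for {user} -> {tp_name}")
    result = TPS[tp_name](ledger, user, *args)
    if not ivp(ledger):
        raise IntegrityError("CDI invalid after TP; halt and investigate")
    return result


def is_denied(user, tp_name, ledger, *args):
    """True when run() refuses the request (handy for checks and demos)."""
    try:
        run(user, tp_name, ledger, *args)
        return False
    except IntegrityError:
        return True


if __name__ == "__main__":
    book = Ledger({"ops": 100, "payroll": 0})
    t1 = run("alice", "tp_initiate", book, "ops", "payroll", 40)
    print(is_denied("alice", "tp_approve", book, t1))   # True: no triple for alice
    t2 = run("bob", "tp_initiate", book, "ops", "payroll", 10)
    print(is_denied("bob", "tp_approve", book, t2))     # True: bob initiated t2
    run("carol", "tp_approve", book, t1)
    print(book.balances, ivp(book))                     # {'ops': 60, 'payroll': 40} True
    book.balances["ops"] += 5                           # bypassing the TPs...
    print(ivp(book))                                    # ...is what the IVP detects: False
```

The two refusals are different controls: alice lacks an access triple for tp_approve at all, while bob holds one but is blocked by separation of duties because he initiated the transfer he is trying to approve. The final direct write to the balances is exactly the kind of modification the model forbids, and the IVP is what catches it.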


NEW QUESTION 4 
- (Topic 1) 
Controlling access to information systems and associated networks is necessary for the preservation of their: 


A. Authenticity, confidentiality and availability 

B. Confidentiality, integrity, and availability. 

C. Integrity and availability. 

D. Authenticity, confidentiality, integrity and availability. 


Answer: B 
Explanation: 


Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity and availability. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 31. 


NEW QUESTION 5 
- (Topic 1) 
Smart cards are an example of which type of control? 
A. Detective control 

B. Administrative control 
C. Technical control 

D. Physical control 


Answer: C 


Explanation: 

Logical or technical controls involve the restriction of access to systems and the protection of information. Smart cards and encryption are examples of these types of control. 

Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as "soft controls" because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, such as firewalls, IDS, encryption, and identification and authentication mechanisms. Physical controls are items put into place to protect facilities, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. 

Many types of technical controls enable a user to access a system and the resources within that system. A technical control may be a username and password combination, a Kerberos implementation, biometrics, public key infrastructure (PKI), RADIUS, TACACS+, or authentication using a smart card through a reader connected to a system. These technologies verify the user is who he says he is by using different types of authentication methods. Once a user is properly authenticated, he can be authorized and allowed access to network resources. 

Reference(s) used for this question: 

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 245). McGraw- Hill. Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access 
control systems (page 32). 


NEW QUESTION 6 
- (Topic 1) 
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is: 


A. concern that the laser beam may cause eye damage 

B. the iris pattern changes as a person grows older. 

C. there is a relatively high rate of false accepts. 

D. the optical unit must be positioned so that the sun does not shine into the aperture. 


Answer: D 


Explanation: 

Because the optical unit uses a camera and infrared light to create the images, sunlight can interfere with the aperture, so the unit must not be positioned in direct light of any kind. Because the subject does not need to have direct contact with the optical reader, stray light can reach the reader. 

Iris recognition is a form of biometrics that is based on the uniqueness of a subject's iris. A camera-like device records the patterns of the iris, creating what is known as an IrisCode. 

It is the unique patterns of the iris that allow it to be one of the most accurate forms of biometric identification of an individual. Unlike other types of biometrics, the iris rarely changes over time. Fingerprints can change over time due to scarring and manual labor, voice patterns can change due to a variety of causes, and hand geometry can also change. But barring surgery or an accident it is not usual for an iris to change. The subject has a high-resolution image taken of their iris and this is then converted to an IrisCode. The current standard for the IrisCode was developed by John Daugman. When the subject attempts to be authenticated, infrared light is used to capture the iris image and this image is then compared to the IrisCode. If there is a match the subject's identity is confirmed. The subject does not need to have direct contact with the optical reader, so it is a less invasive means of authentication than retinal scanning would be. 

Reference(s) used for this question: AIO, 3rd edition, Access Control, p 134. AIO, 4th edition, Access Control, p 182. 

Wikipedia - http://en.wikipedia.org/wiki/Iris_recognition 

The following answers are incorrect: 

concern that the laser beam may cause eye damage. The optical readers do not use a laser, so concern that the laser beam may cause eye damage is not an issue. 

the iris pattern changes as a person grows older. The question asked about the physical installation of the scanner, so this was not the best answer. If the question had been about long-term problems then it could have been the best choice. Recent research has shown that irises actually do change over time: http://www.nature.com/news/ageing-eyes-hinder-biometric-scans-1.10722 

there is a relatively high rate of false accepts. Since the advent of the IrisCode there has been a very low rate of false accepts; in fact the algorithm is reported never to have produced a false match in testing. This all depends on the quality of the equipment used, but because of the uniqueness of the iris, even when comparing identical twins, iris patterns are unique. 


NEW QUESTION 7 
- (Topic 1) 
Which of the following is most affected by denial-of-service (DOS) attacks? 


A. Confidentiality 
B. Integrity 

C. Accountability 
D. Availability 


Answer: D 


Explanation: 
Denial of service attacks obviously affect availability of targeted systems. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the 
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 61). 


NEW QUESTION 8 
- (Topic 1) 
Which of the following would be used to implement Mandatory Access Control (MAC)? 


A. Clark-Wilson Access Control 
B. Role-based access control 

C. Lattice-based access control 
D. User dictated access control 
Answer: C 


Explanation: 

The lattice is the mechanism used to implement Mandatory Access Control (MAC). 

Under Mandatory Access Control (MAC) you have: Mandatory Access Control 

Under Non-Discretionary Access Control (NDAC) you have: Rule-Based Access Control and Role-Based Access Control 

Under Discretionary Access Control (DAC) you have: Discretionary Access Control 

Lattice-based access control is a structure used to implement other access control methods. A lattice is a partially ordered set of elements in which every pair of elements has a least upper bound and a greatest lower bound. The lattice can be used for MAC, DAC, integrity levels, file permissions, and more. 

For example, in the case of MAC, the common government classifications form the following ordered set: 

TOP SECRET 
SECRET ----------------------- I am the user at SECRET 
CONFIDENTIAL 
SENSITIVE BUT UNCLASSIFIED 
UNCLASSIFIED 

If you look at the diagram above, where I am a user at SECRET, I can access documents at lower classifications but not documents at TOP SECRET. The lattice is a list of ORDERED ELEMENTS; in this case the ordered elements are classification levels. The highest element I dominate is SECRET and the lowest is UNCLASSIFIED. 

However, the lattice could also be used for integrity levels, such as: 

VERY HIGH 
HIGH 
MEDIUM ---------- I am a user, process or application at the MEDIUM level 
LOW 
VERY LOW 

In the case of integrity levels you have to think about TRUST. Windows Vista, for example, uses integrity levels modelled on Biba. As a user having access to the system I cannot tell a process running with administrative privilege what to do; otherwise any user on the system could take control of it by getting a highly privileged process to do things on their behalf. In the Biba model this is the "no write up" rule; Biba also forbids a high-integrity subject from reading down, so that trusted processes are not contaminated by lower-integrity data. 

Last but not least, the lattice could be used for file permissions: 

RWX 
RW --------- User at this level 

If I am a user with READ and WRITE (RW) access privileges then I cannot execute the file, because I do not have execute permission, which is the X under Linux and UNIX. 

Many people confuse the lattice model with MAC, and many books say MAC = LATTICE; however, the lattice can be used for other purposes. 

There is also Role Based Access Control (RBAC). It COULD be used to simulate MAC but it is not MAC, as it does not make use of labels on objects indicating sensitivity and categories. MAC also requires a clearance that dominates the object's label. 

You can get more info about RBAC at: http://csrc.nist.gov/groups/SNS/rbac/faq.html#03 

Also note that many books use the same acronym, RBAC, for both Role Based Access Control and Rule Based Access Control, which can be confusing. The proper way of writing the acronym for Rule Based Access Control is RuBAC; unfortunately it is not commonly used. 

References: 

There is a great article on TechNet that talks about the lattice in Vista: http://blogs.technet.com/b/steriley/archive/2006/07/21/442870.aspx 

also see: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33). 

and 

http://www.microsoft-watch.com/content/vista/gaging_vistas_integrity.html 
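The lattice, the dominance relationship and the two ways of reading it (Bell-LaPadula for confidentiality, Biba for integrity) that this answer describes, as an added Python example that is not from the question bank or the references above. The level names are the ones the answer uses; the Label type, the category sets used for need to know, the Lattice class and the example labels (NATO, CRYPTO) are assumptions:

```python
# Lattice-based access control as a small library. Added example: a Lattice
# orders labels by (level, categories), and the same `dominates` check gives
# Bell-LaPadula when read one way and Biba when read the other.
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()   # compartments enforcing need to know


class Lattice:
    """Levels are totally ordered; category sets are ordered by inclusion.
    Their product is a lattice: every pair has a least upper bound (lub) and
    a greatest lower bound (glb)."""

    def __init__(self, levels):
        self.levels = list(levels)                       # lowest first
        self.rank = {name: i for i, name in enumerate(self.levels)}

    def dominates(self, a, b):
        """a >= b: at least b's level AND holds every category b carries."""
        return self.rank[a.level] >= self.rank[b.level] and a.categories >= b.categories

    def lub(self, a, b):
        return Label(self.levels[max(self.rank[a.level], self.rank[b.level])],
                     a.categories | b.categories)

    def glb(self, a, b):
        return Label(self.levels[min(self.rank[a.level], self.rank[b.level])],
                     a.categories & b.categories)


CLASSIFICATION = Lattice(["UNCLASSIFIED", "SENSITIVE BUT UNCLASSIFIED",
                          "CONFIDENTIAL", "SECRET", "TOP SECRET"])
INTEGRITY = Lattice(["VERY LOW", "LOW", "MEDIUM", "HIGH", "VERY HIGH"])


# Bell-LaPadula (confidentiality): simple security = no read up,
# *-property = no write down.
def blp_can_read(subject, obj):
    return CLASSIFICATION.dominates(subject, obj)


def blp_can_write(subject, obj):
    return CLASSIFICATION.dominates(obj, subject)


# Biba (integrity) is the mirror image on the integrity lattice:
# simple integrity = no read down, integrity *-property = no write up.
def biba_can_read(subject, obj):
    return INTEGRITY.dominates(obj, subject)


def biba_can_write(subject, obj):
    return INTEGRITY.dominates(subject, obj)


if __name__ == "__main__":
    me = Label("SECRET", frozenset({"NATO"}))            # clearance + category
    memo = Label("CONFIDENTIAL")
    plan = Label("TOP SECRET", frozenset({"NATO"}))
    crypto = Label("SECRET", frozenset({"NATO", "CRYPTO"}))
    print(blp_can_read(me, memo), blp_can_read(me, plan), blp_can_read(me, crypto))
    # True False False -> read down ok, no read up, no need to know for CRYPTO
    print(blp_can_write(me, memo), blp_can_write(me, plan))   # False True
    print(CLASSIFICATION.lub(memo, crypto))   # level SECRET, categories {NATO, CRYPTO}

    medium = Label("MEDIUM")
    print(biba_can_read(medium, Label("LOW")), biba_can_write(medium, Label("HIGH")))
    # False False -> a medium-integrity process neither trusts low input nor
    # writes to (commands) a high-integrity one
```

Note that `crypto` is at the same level as the subject and is still refused: the category set is part of the label, and that is how the lattice enforces need to know on top of the clearance level.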


NEW QUESTION 9 
- (Topic 1) 
Which of the following is an example of a passive attack? 


A. Denying services to legitimate users 
B. Shoulder surfing 

C. Brute-force password cracking 

D. Smurfing 


Answer: B 


Explanation: 

Shoulder surfing is a form of passive attack involving stealing passwords, personal identification numbers or other confidential information by looking over someone's shoulder. All the other forms of attack listed are active attacks, where a threat makes a modification to the system in an attempt to take advantage of a vulnerability. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 3: Security Management Practices (page 63). 


NEW QUESTION 10 

- (Topic 1) 

Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that 
maps naturally to an organization's structure? 


A. Access control lists 

B. Discretionary access control 
C. Role-based access control 

D. Non-mandatory access control 


Answer: C 


Explanation: 

Role-based access control (RBAC) gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to 
an organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are given to users in that role. An 
access control list (ACL) is a table that tells a system which access rights each user has to a particular system object. With discretionary access control, 
administration is decentralized and owners of resources control other users' access. Non-mandatory access control is not a defined access control technique. 
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 9). 
NEW QUESTION 10 
- (Topic 1) 
Rule-Based Access Control (RUBAC) access is determined by rules. Such rules would fit within what category of access control ? 


A. Discretionary Access Control (DAC) 

B. Mandatory Access control (MAC) 

C. Non-Discretionary Access Control (NDAC) 
D. Lattice-based Access control 


Answer: C 


Explanation: 

Rule-based access control is a type of non-discretionary access control because access is determined by rules that the subject does not set; the rules are applied uniformly to ALL users or subjects. 

In general, all access control policies other than DAC are grouped in the category of non-discretionary access control (NDAC). As the name implies, policies in this category have rules that are not established at the discretion of the user. Non-discretionary policies establish controls that cannot be changed by users, but only through administrative action. 

Both Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC) fall within Non-Discretionary Access Control (NDAC). If it is not DAC or MAC then it is most likely NDAC. 

IT IS NOT ALWAYS BLACK OR WHITE 

The different access control models are not totally exclusive of each other. MAC makes use of rules in its implementation. However, with MAC you have requirements above and beyond having simple access rules: the subject must have formal approval from management, the subject must have the proper security clearance, and objects must have labels/sensitivity levels attached to them. If all of this is in place then you have MAC. 

BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES: 

MAC = Mandatory Access Control 

Under a mandatory access control environment, the system or security administrator defines what permissions subjects have on objects. The administrator does not dictate users' access but simply configures the level of access dictated by the Data Owner. 

The MAC system looks at the security clearance of the subject and compares it with the object's sensitivity level or classification level. This is what is called the dominance relationship. 

The subject must DOMINATE the object's sensitivity level, which means that the subject must have a security clearance equal to or higher than that of the object he is attempting to access. 

MAC also introduces the concept of labels. Every object has a label attached to it indicating the classification of the object as well as categories that are used to impose the need-to-know (NTK) principle. Even though a user has a security clearance of Secret, it does not mean he would be able to access every Secret document within the system. He would be allowed to access only Secret documents for which he has a need to know and formal approval, and only objects whose categories are all among the categories the user himself holds. 

If there is no clearance and no labels then IT IS NOT Mandatory Access Control. 

Many of the other models can mimic MAC, but none of them have labels and a dominance relationship, so they are NOT in the MAC category. 

NISTIR-7316 says: 

Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC policy; for example, a user who is running a process at the Secret classification should not be allowed to read a file with a label of Top Secret. This is known as the "simple security rule," or "no read up." Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file with a label of Confidential. This rule is called the "*-property" (pronounced "star property") or "no write down." The *-property is required to maintain system security in an automated environment. A variation on this rule called the "strict *-property" requires that information can be written at, but not above, the subject's clearance level. Multilevel security models such as the Bell-La Padula Confidentiality and Biba Integrity models are used to formally specify this kind of MAC policy. 

DAC = Discretionary Access Control 

DAC is also known as identity-based access control. 

The owner of an object is defined as the person who created the object. As such, the owner has the discretion to grant access to other users on the network. Access is granted based solely on the identity of those users. 

Such a system is good for a low level of security. One of the major problems is the fact that a user who has access to someone else's file can further share the file with other users without the knowledge or permission of the owner of the file. Very quickly this can become the wild wild west, as there is no control on the dissemination of the information. 

RBAC = Role Based Access Control 

RBAC is a form of non-discretionary access control. 

Role-based access control usually maps directly to the different types of jobs performed by employees within a company. 

For example, there might be 5 security administrators within your company. Instead of creating each of their profiles one by one, you would simply create a role and assign the administrators to the role. Once an administrator has been assigned to a role, he IMPLICITLY inherits the permissions of that role. 

RBAC is a great tool for environments where there is a large rotation of employees on a daily basis, such as a very large help desk. 

RuBAC = Rule Based Access Control 

RuBAC is a form of non-discretionary access control. 

A good example of a rule-based access control device would be a firewall. A single set of rules is imposed on all users attempting to connect through the firewall. 
NOTE FROM CLEMENT: 

A lot of people tend to confuse MAC and Rule Based Access Control. 

Mandatory Access Control must make use of LABELS. If there are only rules and no labels, it cannot be Mandatory Access Control. This is why they call it Non-Discretionary Access Control (NDAC). 

There are even books out there that are WRONG on this subject. Books are sometimes opinionated and not strictly based on facts. 

In MAC subjects must have clearance to access sensitive objects. Objects have labels that contain the classification to indicate the sensitivity of the object, and the label also has categories to enforce the need to know. 

Today the best example of rule-based access control would be a firewall. All rules are imposed globally on any user attempting to connect through the device. This is NOT the case with MAC. 

I strongly recommend you read carefully the following document: 

NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf 

It is one of the best access control study documents to prepare for the exam. Usually I tell people not to worry about the hundreds of NIST documents and other references. This document is an exception. Take some time to read it. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 

and 

NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf and 

Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01). CISSP Study Guide (Kindle Locations 651-652). Elsevier Science (reference). Kindle Edition. 
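The three non-MAC categories this answer distinguishes (DAC with its dissemination problem, RBAC, and firewall-style rule-based access control), as one added Python example that is not part of this question bank or of NISTIR-7316. The Dac, Rbac and firewall_check implementations, the users and objects (alice, bob, mallory, budget.xlsx), the roles and the rule table with its 10.0.0.0/8 addresses are all invented for the demonstration:

```python
# Three policy engines side by side, one per category: DAC (owner grants, and
# a reader can re-share), RBAC (rights flow through roles) and rule-based
# access control (firewall rules applied identically to everyone).
# Added example; users, objects, roles, rules and addresses are made up.
import ipaddress


class Dac:
    """Owner-controlled ACLs. Whoever creates an object owns it and is the
    only one who can grant; but a reader can copy the data into a new object
    that he owns, which is the loss of control the text warns about."""

    def __init__(self):
        self.owner = {}   # obj -> user
        self.acl = {}     # obj -> {user: {perm, ...}}

    def create(self, user, obj):
        self.owner[obj] = user
        self.acl[obj] = {user: {"read", "write"}}

    def grant(self, granter, obj, grantee, perm):
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(grantee, set()).add(perm)

    def check(self, user, obj, perm):
        return perm in self.acl.get(obj, {}).get(user, set())

    def copy(self, user, src, dst):
        """Read access to src is enough to make a fresh copy the reader owns."""
        if not self.check(user, src, "read"):
            raise PermissionError(f"{user} cannot read {src}")
        self.create(user, dst)


class Rbac:
    """Non-discretionary: permissions hang off roles and users off role
    membership. Object owners have no say; only an administrator edits this."""

    def __init__(self, role_perms):
        self.role_perms = {r: set(p) for r, p in role_perms.items()}
        self.user_roles = {}

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(role)
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def check(self, user, perm):
        return any(perm in self.role_perms[r] for r in self.user_roles.get(user, ()))


# Rule-based: an ordered list of (action, proto, dst_port or None, src_cidr).
# First match wins, default deny; who the user is never enters the decision.
FIREWALL_RULES = [
    ("allow", "tcp", 22, "10.0.1.0/24"),     # jump-host subnet may SSH
    ("deny", "tcp", 22, "0.0.0.0/0"),        # nobody else may
    ("allow", "tcp", 443, "10.0.0.0/8"),
    ("allow", "udp", 53, "10.0.0.0/8"),
]


def firewall_check(src_ip, proto, dport, rules=FIREWALL_RULES):
    src = ipaddress.ip_address(src_ip)
    for action, rproto, rport, cidr in rules:
        if rproto == proto and rport in (None, dport) and src in ipaddress.ip_network(cidr):
            return action == "allow"
    return False


if __name__ == "__main__":
    dac = Dac()
    dac.create("alice", "budget.xlsx")
    dac.grant("alice", "budget.xlsx", "bob", "read")
    dac.copy("bob", "budget.xlsx", "budget-copy.xlsx")
    dac.grant("bob", "budget-copy.xlsx", "mallory", "read")   # alice never agreed
    print(dac.check("mallory", "budget-copy.xlsx", "read"))    # True

    rbac = Rbac({"helpdesk": {"reset_password"},
                 "secadmin": {"reset_password", "edit_policy"}})
    rbac.assign("dave", "helpdesk")
    print(rbac.check("dave", "reset_password"), rbac.check("dave", "edit_policy"))  # True False

    print(firewall_check("10.0.1.7", "tcp", 22), firewall_check("10.0.2.7", "tcp", 22))  # True False
```

The rule order in FIREWALL_RULES matters: the broad deny for port 22 sits after the narrow allow, so swapping them would silently lock the jump hosts out, which is the usual failure mode of rule-based systems and has nothing to do with who the connecting user is.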


NEW QUESTION 14 
- (Topic 1) 
Which of the following questions is less likely to help in assessing identification and authentication controls? 
A. Is a current list maintained and approved of authorized users and their access? 
B. Are passwords changed at least every ninety days or earlier if needed? 

C. Are inactive user identifications disabled after a specified period of time? 

D. Is there a process for reporting incidents? 


Answer: D 


Explanation: 

Identification and authentication is a technical measure that prevents unauthorized people (or unauthorized processes) from entering an IT system. Access control 
usually requires that the system be able to identify and differentiate among users. Reporting incidents is more related to incident response capability (operational 
control) than to identification and authentication (technical control). 

Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self- Assessment Guide for Information Technology Systems, November 2001 (Pages 
A-30 to A-32). 


NEW QUESTION 17 
- (Topic 1) 
In discretionary access environments, which of the following entities is authorized to grant information access to other people? 


A. Manager 

B. Group Leader 

C. Security Manager 
D. Data Owner 


Answer: D 


Explanation: 

In Discretionary Access Control (DAC) environments, the user who creates a file is also considered the owner and has full control over the file including the ability 
to set permissions for that file. 

The following answers are incorrect: 

manager. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other 
people. 

group leader. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other 
people. 

security manager. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to 
other people. 

IMPORTANT NOTE: 

The term Data Owner is also used within Classifications as well. Under the subject of classification the Data Owner is a person from management who has been 
entrusted with a data set that belongs to the company. For example it could be the Chief Financial Officer (CFO) who is entrusted with all of the financial data for a 
company. As such the CFO would determine the classification of the financial data and who can access as well. The Data Owner would then tell the Data 
Custodian (a technical person) what the classification and need to know is on the specific set of data. 

The term Data Owner under DAC simply means whoever created the file, and as the creator of the file the owner has full access and can grant access to other subjects based on their identity. 


NEW QUESTION 18 
- (Topic 1) 
Controls to keep password sniffing attacks from compromising computer systems include which of the following? 


A. static and recurring passwords. 
B. encryption and recurring passwords. 
C. one-time passwords and encryption. 
D. static and one-time passwords. 


Answer: C 


Explanation: 

One-time passwords defeat a password sniffing attack because once a password has been used it is no longer valid, so a captured value cannot be replayed. Encryption of the authentication exchange will also minimize these types of attacks, because the sniffer cannot read the password in the first place. 

The following answers are incorrect: 

static and recurring passwords. This is incorrect because if there is no encryption, someone sniffing the network can capture the password, and a password that never changes can be replayed indefinitely. 

encryption and recurring passwords. This is incorrect because while encryption helps, recurring passwords do nothing to minimize the risk of captured passwords being reused. 

static and one-time passwords. This is incorrect because while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the risk of passwords being captured. 
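Why a sniffed one-time password is useless to the attacker while a sniffed static password is not, as an added Python example that is not from this question bank or its sources. The HOTP computation follows RFC 4226 and reproduces its published test vectors; the HotpServer and StaticPasswordServer classes, the look-ahead window and the demo secret and password are assumptions:

```python
# An RFC 4226 HOTP verifier that refuses a captured code on replay, beside a
# static-password verifier that accepts one. Added example; the server
# classes, look-ahead window and secrets are made up for the demo.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit number reduced modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class HotpServer:
    """Verifier with a moving counter: any given code is accepted at most once."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0                 # next counter value we expect
        self.look_ahead = look_ahead     # tolerate a few codes burned on the token

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1     # burn this counter and every earlier one
                return True
        return False


class StaticPasswordServer:
    """What a sniffer loves: the same secret is sent and accepted every time."""

    def __init__(self, password: str):
        self.password = password

    def verify(self, password: str) -> bool:
        return hmac.compare_digest(self.password, password)


def replay_succeeds(server, sniffed_code: str) -> bool:
    """Attacker model: the code was captured on the wire from a legitimate
    login that already completed; does sending it again get the attacker in?"""
    return server.verify(sniffed_code)


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 4226 test-vector key
    token = HotpServer(secret)
    first = hotp(secret, 0)                   # what the user's token displays
    print(first, token.verify(first))         # 755224 True   (legitimate login)
    print(replay_succeeds(token, first))      # False         (sniffed, replayed)
    print(token.verify(hotp(secret, 3)))      # True          (within look-ahead)
    print(token.verify(hotp(secret, 2)))      # False         (older counter burned)

    legacy = StaticPasswordServer("hunter2")
    print(legacy.verify("hunter2"), replay_succeeds(legacy, "hunter2"))   # True True
```

The replay fails for the HOTP server even though the attacker captured a perfectly valid code, because the server moved its counter past it; that is the property the question is testing. Encryption is the complementary control: it stops the attacker from reading the code (or the static password) off the wire at all.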


NEW QUESTION 19 
- (Topic 1) 
Which of the following is NOT a type of motion detector? 


A. Photoelectric sensor 

B. Passive infrared sensors 
C. Microwave Sensor. 

D. Ultrasonic Sensor. 


Answer: A 
Explanation: 


A photoelectric sensor does not "directly" sense motion: there is a narrow beam that won't set off the sensor unless the beam is broken. Photoelectric sensors, along with dry contact switches, are a type of perimeter intrusion detector. 

All of the other answers are valid types of motion detectors. 

The content below on the different types of sensors is from Wikipedia: 

Indoor Sensors 

These types of sensors are designed for indoor use. Outdoor use would not be advised due to false alarm vulnerability and weather durability. 

Passive infrared detectors 


Passive Infrared Sensor 

The passive infrared detector (PIR) is one of the most common detectors found in household and small business environments because it offers affordable and 
reliable functionality. The term passive means the detector is able to function without the need to generate and radiate its own energy (unlike ultrasonic and 
microwave volumetric intrusion detectors that are ??active?? in operation). PIRs are able to distinguish if an infrared emitting object is present by first learning the 
ambient temperature of the monitored space and then detecting a change in the temperature caused by the presence of an object. Using the principle of 
differentiation, which is a check of presence or nonpresence, PIRs verify if an intruder or object is actually there. Creating individual zones of detection where each 
zone comprises one or more layers can achieve differentiation. Between the zones there are areas of no sensitivity (dead zones) that are used by the sensor for 
comparison. 

Ultrasonic detectors 

Using frequencies between 15 kHz and 75 kHz, these active detectors transmit ultrasonic sound waves that are inaudible to humans. The Doppler shift principle is 
the underlying method of operation, in which a change in frequency is detected due to object motion. This is caused when a moving object changes the frequency 
of sound waves around it. Two conditions must occur to successfully detect a Doppler shift event: 

There must be motion of an object either towards or away from the receiver. 

The motion of the object must cause a change in the ultrasonic frequency to the receiver relative to the transmitting frequency. 

The ultrasonic detector operates by the transmitter emitting an ultrasonic signal into the area to be protected. The sound waves are reflected by solid objects (such 
as the surrounding floor, walls and ceiling) and then detected by the receiver. Because ultrasonic waves are transmitted through air, then hard-surfaced objects 
tend to reflect most of the ultrasonic energy, while soft surfaces tend to absorb most energy. 

When the surfaces are stationary, the frequency of the waves detected by the receiver will be equal to the transmitted frequency. However, a change in frequency 
will occur as a result of the Doppler principle, when a person or object is moving towards or away from the detector. Such an event initiates an alarm signal. This 
technology is considered obsolete by many alarm professionals, and is not actively installed. 

Microwave detectors 

This device emits microwaves from a transmitter and detects any reflected microwaves or reduction in beam intensity using a receiver. The transmitter and 
receiver are usually combined inside a single housing (monostatic) for indoor applications, and separate housings (bistatic) for outdoor applications. To reduce 
false alarms this type of detector is usually combined with a passive infrared detector or "Dualtec" alarm. 

Microwave detectors respond to a Doppler shift in the frequency of the reflected energy, by a phase shift, or by a sudden reduction of the level of received energy. 
Any of these effects may indicate motion of an intruder. 

Photo-electric beams 

Photoelectric beam systems detect the presence of an intruder by transmitting visible or infrared light beams across an area, where these beams may be 
obstructed. To improve the detection surface area, the beams are often employed in stacks of two or more. However, if an intruder is aware of the technology's 
presence, it can be avoided. The technology can be an effective long-range detection system, if installed in stacks of three or more where the transmitters and 
receivers are staggered to create a fence-like barrier. Systems are available for both internal and external applications. To prevent a clandestine attack using a 
secondary light source being used to hold the detector in a 'sealed’ condition whilst an intruder passes through, most systems use and detect a modulated light 
source. 

Glass break detectors 

The glass break detector may be used for internal perimeter building protection. When glass breaks it generates sound in a wide band of frequencies. These can range from infrasonic, which is below 20 hertz (Hz) and cannot be heard by the human ear, through the audio band from 20 Hz to 20 kHz which humans can hear, right up to ultrasonic, which is above 20 kHz and again cannot be heard. Glass break acoustic detectors are mounted in close proximity to the glass panes and listen for sound frequencies associated with glass breaking. Seismic glass break detectors are different in that they are installed on the glass pane. When glass breaks it produces specific shock frequencies which travel through the glass and often through the window frame and the surrounding walls and ceiling. Typically, the most intense frequencies generated are between 3 and 5 kHz, depending on the type of glass and the presence of a plastic interlayer. Seismic glass break detectors "feel" these shock frequencies and in turn generate an alarm condition. 

The more primitive detection method involves gluing a thin strip of conducting foil on the inside of the glass and putting low-power electrical current through it. 
Breaking the glass is practically guaranteed to tear the foil and break the circuit. 

Smoke, heat, and carbon monoxide detectors 


(Image: Heat Detection System) 

Most systems may also be equipped with smoke, heat, and/or carbon monoxide detectors. These are also known as 24 hour zones (which are on at all times). 
Smoke detectors and heat detectors protect from the risk of fire and carbon monoxide detectors protect from the risk of carbon monoxide. Although an intruder 
alarm panel may also have these detectors connected, it may not meet all the local fire code requirements of a fire alarm system. 

Other types of volumetric sensors could be: 

Active Infrared 
Passive Infrared/Microwave combined 
Radar 
Acoustical Sensor/Audio 
Vibration Sensor (seismic) 
Air Turbulence 


NEW QUESTION 24 
- (Topic 1) 
Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? 


A. The Take-Grant model 

B. The Biba integrity model 

C. The Clark Wilson integrity model 
D. The Bell-LaPadula integrity model 


Answer: C 


Explanation: 

The Clark Wilson integrity model addresses the three following integrity goals: 1) data is protected from modification by unauthorized users; 2) data is protected 
from unauthorized modification by authorized users; and 3) data is internally and externally consistent. It also defines a Constrained Data Item (CDI), an Integrity 
Verification Procedure (IVP), a Transformation Procedure (TP) and an Unconstrained Data item. The Bell-LaPadula and Take-Grant models are not integrity 
models. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architecture and Models (page 205). 


NEW QUESTION 25 
- (Topic 1) 
Which one of the following authentication mechanisms creates a problem for mobile users? 


A. Mechanisms based on IP addresses 
B. Mechanism with reusable passwords 
C. one-time password mechanism. 
D. challenge response mechanism. 


Answer: A 


Explanation: 

Anything based on a fixed IP address would be a problem for mobile users because their location and its associated IP address can change from one time to the next. Many providers will assign a new IP every time the device is restarted. For example, an insurance adjuster using a laptop to file claims online goes to a different client each time, and the address changes every time he connects to the ISP. 

NOTE FROM CLEMENT: 

The term MOBILE in this case is synonymous with Road Warriors where a user is constantly traveling and changing location. With smartphones today that may not be an issue but it would be an issue for laptops or WIFI tablets. Within a carrier network the IP will tend to be the same and would change rarely. So this question is more applicable to devices that are not cellular devices but in some cases this issue could affect cellular devices as well. 

The following answers are incorrect: 

mechanism with reusable passwords. This is incorrect because a reusable password mechanism would not present a problem for mobile users. They are the least secure and change only at specific intervals. 

one-time password mechanism. This is incorrect because a one-time password mechanism would not present a problem for mobile users. Many are based on a clock and not on the IP address of the user. 

challenge response mechanism. This is incorrect because a challenge response mechanism would not present a problem for mobile users. 


NEW QUESTION 27 
- (Topic 1) 
What does the Clark-Wilson security model focus on? 


A. Confidentiality 
B. Integrity 

C. Accountability 
D. Availability 


Answer: B 


Explanation: 

The Clark-Wilson model addresses integrity. It incorporates mechanisms to enforce internal and external consistency, a separation of duty, and a mandatory 
integrity policy. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 
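Questions 24 and 27 name the Clark-Wilson building blocks: Constrained Data Items (CDIs), an Integrity Verification Procedure (IVP), Transformation Procedures (TPs), Unconstrained Data Items (UDIs), and separation of duty. The Python below is an added illustration, not code from the CISSP guides cited above; the ledger, the user names and the access triples are invented for the example. The ledger is the set of CDIs, the IVP checks its consistency invariant, the only way to change it is through the certified TP, an untrusted request string is the UDI the TP must validate before touching any CDI, and the (user, TP, CDI) triples keep the teller and the auditor apart.

```python
def ivp(ledger):
    """Integrity Verification Procedure: True when the CDIs are in a valid state.
    Here validity means the running total equals the sum of the accounts and
    no balance is negative (internal consistency)."""
    accounts = ledger["accounts"]
    return ledger["total"] == sum(accounts.values()) and all(v >= 0 for v in accounts.values())


def tp_transfer(ledger, request):
    """Transformation Procedure. `request` is a UDI such as "alice->bob:30":
    untrusted text that must be validated before any CDI is modified. A
    well-formed transfer moves the ledger from one valid state to another."""
    if not isinstance(request, str):
        raise ValueError("malformed request")
    try:
        parties, amount_text = request.split(":")
        src, dst = parties.split("->")
        amount = int(amount_text)
    except ValueError:
        raise ValueError("malformed request")
    accounts = ledger["accounts"]
    if amount <= 0 or src not in accounts or dst not in accounts or accounts[src] < amount:
        raise ValueError("transfer not permitted")
    accounts[src] -= amount
    accounts[dst] += amount


TPS = {"tp_transfer": tp_transfer}

# Access triples (user, TP, CDI): the only sanctioned paths to the ledger.
# Separation of duty: the teller may transfer but never verify, the auditor
# may verify but never transfer.
ACCESS_TRIPLES = {("teller", "tp_transfer", "ledger"), ("auditor", "ivp", "ledger")}


class ClarkWilsonSystem:
    def __init__(self, ledger=None):
        # Constructed starting state for the CDIs.
        self.ledger = ledger if ledger is not None else {"accounts": {"alice": 100, "bob": 50}, "total": 150}
        self.log = []  # every attempt is recorded, which gives the model its audit trail

    def execute(self, user, procedure, udi=None):
        """Run a procedure on behalf of a user; returns True on success."""
        if (user, procedure, "ledger") not in ACCESS_TRIPLES:
            self.log.append((user, procedure, "denied: no access triple"))
            return False
        if procedure == "ivp":
            ok = ivp(self.ledger)
            self.log.append((user, procedure, "valid" if ok else "INVALID"))
            return ok
        if not ivp(self.ledger):
            self.log.append((user, procedure, "denied: CDIs already inconsistent"))
            return False
        before = {"accounts": dict(self.ledger["accounts"]), "total": self.ledger["total"]}
        try:
            TPS[procedure](self.ledger, udi)
        except ValueError as exc:
            self.log.append((user, procedure, f"denied: {exc}"))
            return False
        if not ivp(self.ledger):
            # A certified TP must leave the CDIs valid; undo it if it did not.
            self.ledger.clear()
            self.ledger.update(before)
            self.log.append((user, procedure, "rolled back: TP broke the invariant"))
            return False
        self.log.append((user, procedure, "ok"))
        return True


if __name__ == "__main__":
    system = ClarkWilsonSystem()
    system.execute("teller", "tp_transfer", "alice->bob:30")
    system.execute("guest", "tp_transfer", "alice->bob:1")
    system.ledger["accounts"]["alice"] = 999  # tampering outside any TP
    system.execute("auditor", "ivp")
    for entry in system.log:
        print(entry)
```

The last two calls show the model's third goal (internal and external consistency) at work: a change made outside any TP leaves the ledger inconsistent, the auditor's IVP run reports it, and the system refuses further TPs until the CDIs are restored.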


NEW QUESTION 32 
- (Topic 1) 
Organizations should consider which of the following first before allowing external access to their LANs via the Internet? 


A. plan for implementing workstation locking mechanisms. 

B. plan for protecting the modem pool. 

C. plan for providing the user with his account usage information. 
D. plan for considering proper authentication options. 


Answer: D 
Explanation: 


Before a LAN is connected to the Internet, you need to determine which access control mechanisms are to be used. This would include how you are going to authenticate individuals that may access your network externally through access control. 

The following answers are incorrect: 

plan for implementing workstation locking mechanisms. This is incorrect because locking the workstations has no impact on the LAN or Internet access. 

plan for protecting the modem pool. This is incorrect because protecting the modem pool has no impact on the LAN or Internet access; it just protects the modem. 

plan for providing the user with his account usage information. This is incorrect because the question asks what should be done first. While important, your primary concern should be focused on security. 


NEW QUESTION 37 
- (Topic 1) 
Which of the following statements pertaining to biometrics is FALSE? 


A. User can be authenticated based on behavior. 

B. User can be authenticated based on unique physical attributes. 

C. User can be authenticated by what he knows. 

D. A biometric system's accuracy is determined by its crossover error rate (CER). 


Answer: C 


Explanation: 

As this is not a characteristic of Biometrics, this is the right choice for this question. This is one of the three basic ways authentication can be performed and it is not related to Biometrics. An example of something you know would be a password or PIN. 

Please make a note of the negative 'FALSE' within the question. This question may seem tricky to some of you but you would be amazed at how many people 
cannot deal with negative questions. There will be a few negative questions within the real exam, just like this one the keyword NOT or FALSE will be in 
Uppercase to clearly indicate that it is negative. 

Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of performing authentication (one to one matching) or identification (one to many matching). 

A biometric system scans an attribute or behavior of a person and compares it to a template stored within an authentication server database; such a template would be created in an earlier enrollment process. Because this system inspects the grooves of a person's fingerprint, the pattern of someone's retina, or the pitches of someone's voice, it has to be extremely sensitive. 

The system must perform accurate and repeatable measurements of anatomical or physiological characteristics. This type of sensitivity can easily cause false 
positives or false negatives. The system must be calibrated so that these false positives and false negatives occur infrequently and the results are as accurate as 
possible. 

There are two types of failures in biometric identification: 

False Rejection, also called False Rejection Rate (FRR): The system fails to recognize a legitimate user. While it could be argued that this has the effect of keeping the protected area extra secure, it is an intolerable frustration to legitimate users who are refused access because the scanner does not recognize them. 

False Acceptance, or False Acceptance Rate (FAR): This is an erroneous recognition, either by confusing one user with another or by accepting an imposter as a legitimate user. 

Physiological Examples (Unique Physical Attributes): 

Fingerprint (Most commonly accepted) 
Hand Geometry 
Retina Scan (Most accurate but most intrusive) 
Iris Scan 
Vascular Scan 

Behavioral Examples (Repeated Actions): 

Keystroke Dynamics (Dwell time (the time a key is pressed) and Flight time (the time between "key up" and the next "key down")) 
Signature Dynamics (Stroke and pressure points) 

EXAM TIP: 

Retina scan devices are the most accurate but also the most invasive biometrics system available today. The continuity of the retinal pattern throughout life and the difficulty in fooling such a device also make it a great long-term, high-security option. Unfortunately, the cost of the proprietary hardware as well as the stigma of users thinking it is potentially harmful to the eye makes retinal scanning a bad fit for most situations. 

Remember for the exam that fingerprints are the most commonly accepted type of biometrics system. 

The other answers are incorrect: 

'Users can be authenticated based on behavior.' is incorrect as this choice is TRUE as it pertains to BIOMETRICS. Biometrics systems make use of unique physical characteristics or behavior of users. 

'User can be authenticated based on unique physical attributes.' is also incorrect as this choice is also TRUE as it pertains to BIOMETRICS. Biometrics systems make use of unique physical characteristics or behavior of users. 

'A biometric system's accuracy is determined by its crossover error rate (CER).' is also incorrect as this is TRUE as it also pertains to BIOMETRICS. The CER is the point at which the false rejection rate and the false acceptance rate are equal. The smaller the value of the CER, the more accurate the system. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25353-25356). Auerbach 
Publications. Kindle Edition. 

and 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25297-25303). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 39 
- (Topic 1) 
Which of the following security models does NOT concern itself with the flow of data? 


A. The information flow model 
B. The Biba model 

C. The Bell-LaPadula model 
D. The noninterference model 


Answer: D 
Explanation: 
The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see. This is in contrast to other security models that control information flows between differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel. 

The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned with confidentiality and bases access control decisions on the classification of objects and the clearances of subjects. 

The information flow model is incorrect. The information flow models have a similar framework to the Bell-LaPadula model and control how information may flow between objects based on security classes. 

The Biba model is incorrect. The Biba model is concerned with integrity and is a complement to the Bell-LaPadula model in that higher levels of integrity are more trusted than lower levels. Access control is based on these integrity levels to assure that read/write operations do not decrease an object's integrity. 

References: 

CBK, pp 325 - 326 

AIO3, pp. 290 - 291 


NEW QUESTION 43 

- (Topic 1) 

Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers? 


A. TCP 
B. SSL 
C. UDP 
D. SSH 


Answer: C 


Explanation: 

The original TACACS, developed in the early ARPANet days, had very limited functionality and used the UDP transport. In the early 1990s, the protocol was extended to include additional functionality and the transport changed to TCP. 

TACACS is defined in RFC 1492, and uses (either TCP or UDP) port 49 by default. TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD. TACACSD uses TCP and usually runs on port 49. It would determine whether to accept or deny the authentication request and send a response back. 

TACACS+ 

TACACS+ and RADIUS have generally replaced TACACS and XTACACS in more recently built or updated networks. TACACS+ is an entirely new protocol and is not compatible with TACACS or XTACACS. TACACS+ uses the Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP). Since TCP is a connection-oriented protocol, TACACS+ does not have to implement transmission control. RADIUS, however, does have to detect and correct transmission errors like packet loss, timeout etc. since it rides on UDP which is connectionless. 

RADIUS encrypts only the users' password as it travels from the RADIUS client to RADIUS server. All other information such as the username, authorization, 
accounting are transmitted in clear text. Therefore it is vulnerable to different types of attacks. TACACS+ encrypts all the information mentioned above and 
therefore does not have the vulnerabilities present in the RADIUS protocol. 

RADIUS and TACACS + are client/ server protocols, which means the server portion cannot send unsolicited commands to the client portion. The server portion 
can only speak when spoken to. Diameter is a peer-based protocol that allows either end to initiate communication. This functionality allows the Diameter server to 
send a message to the access server to request the user to provide another authentication credential if she is attempting to access a secure resource. 

Reference(s) used for this question: http://en.wikipedia.org/wiki/TACACS 

and 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 239). McGraw- Hill. Kindle Edition. 


NEW QUESTION 48 
- (Topic 1) 
What is the PRIMARY use of a password? 


A. Allow access to files. 

B. Identify the user. 

C. Authenticate the user. 

D. Segregate various user's accesses. 


Answer: C 


Explanation: 
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 


NEW QUESTION 50 
- (Topic 1) 
Which of the following is used by RADIUS for communication between clients and servers? 


A. TCP 
B. SSL 
C. UDP 
D. SSH 


Answer: C 
Explanation: 


Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 33. 


NEW QUESTION 54 
- (Topic 1) 
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: 


A. Preventive/physical 


B. Detective/technical 
C. Detective/physical 
D. Detective/administrative 
Answer: B 


Explanation: 

The detective/technical control measures are intended to reveal the violations of security policy using technical means. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35. 


NEW QUESTION 58 
- (Topic 1) 
Which of the following would assist the most in Host Based intrusion detection? 


A. audit trails. 

B. access control lists. 

C. security clearances. 

D. host-based authentication. 


Answer: A 


Explanation: 

To assist in Intrusion Detection you would review audit logs for access violations. 

The following answers are incorrect: 

access control lists. This is incorrect because access control lists determine who has access to what but do not detect intrusions. 

security clearances. This is incorrect because security clearances determine who has access to what but do not detect intrusions. 

host-based authentication. This is incorrect because host-based authentication determines who has been authenticated to the system but does not detect intrusions. 


NEW QUESTION 62 
- (Topic 1) 
What is called a password that is the same for each log-on session? 


A. "one-time password" 
B. "two-time password" 
C. static password 

D. dynamic password 


Answer: C 


Explanation: 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 63 
- (Topic 1) 
Which security model is based on the military classification of data and people with clearances? 


A. Brewer-Nash model 
B. Clark-Wilson model 
C. Bell-LaPadula model 
D. Biba model 


Answer: C 


Explanation: 

The Bell-LaPadula model is a confidentiality model for information security based on the military classification of data, on people with clearances and data with a 
classification or sensitivity model. The Biba, Clark-Wilson and Brewer-Nash models are concerned with integrity. 

Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002. 


NEW QUESTION 68 
- (Topic 1) 
Which of the following would constitute the best example of a password to use for access to a system by a network administrator? 


A. holiday 

B. Christmas12 
C. Jenny 

D. GyN19Za! 


Answer: D 


Explanation: 

GyN19Za! would be the best answer because it contains a mixture of upper and lower case characters, alphabetic and numeric characters, and a special character, making it less vulnerable to password attacks. 

All of the other answers are incorrect because they are vulnerable to brute force or dictionary attacks. Passwords should not be common words or names. The 
addition of a number to the end of a common word only marginally strengthens it because a common password attack would also check combinations of words: 
Christmas23 Christmas1 23 etc... 
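The explanation above makes two points a password policy check should encode: a common word stays weak when digits are appended to it, and a mix of character classes is what makes GyN19Za! the better choice. The Python below is an added example, not code from the exam guide; the COMMON_WORDS set is a constructed stand-in for the dictionary a real check would load, and the length and class thresholds are assumed values.

```python
import re

# Constructed stand-in for a real dictionary/breached-password list; a
# deployment would load a full wordlist here.
COMMON_WORDS = {"holiday", "christmas", "jenny", "password", "welcome", "admin"}


def normalise(password):
    """Undo the cheap mangling a dictionary attack also tries: case folding,
    leading/trailing digits, and trailing punctuation. Christmas12 -> christmas."""
    base = password.lower()
    base = re.sub(r"^\d+|\d+$", "", base)
    base = re.sub(r"[!@#$%^&*.?]+$", "", base)
    return base


def character_classes(password):
    """Set of character classes present: lower, upper, digit, special."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def assess(password, min_length=8, min_classes=3):
    """Return (accepted, reasons). A password is rejected if it reduces to a
    dictionary word, is too short, or mixes too few character classes.
    The thresholds are assumptions chosen for this example."""
    reasons = []
    if normalise(password) in COMMON_WORDS:
        reasons.append("based on a dictionary word")
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if len(character_classes(password)) < min_classes:
        reasons.append(f"fewer than {min_classes} character classes")
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ("holiday", "Christmas12", "Jenny", "GyN19Za!"):
        print(candidate, assess(candidate))
```

Running it on the four answer choices shows that only GyN19Za! passes; Christmas12 is rejected because normalise() strips the trailing digits and finds the base word in the list, which mirrors why the appended number adds so little strength.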


NEW QUESTION 69 
- (Topic 1) 
PIN, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following? 


A. Multi-party authentication 
B. Two-factor authentication 
C. Mandatory authentication 
D. Discretionary authentication 


Answer: B 


Explanation: 

Once an identity is established it must be authenticated. There exist numerous technologies and implementations of authentication methods; however, they almost all fall under three major areas. 

There are three fundamental types of authentication: 

Authentication by knowledge: something a person knows 
Authentication by possession: something a person has 
Authentication by characteristic: something a person is 

Logical controls related to these types are called "factors." 

Something you know can be a password or PIN, something you have can be a token fob or smart card, and something you are is usually some form of biometrics. 
Single-factor authentication is the employment of one of these factors, two-factor authentication is using two of the three factors, and three-factor authentication is 
the combination of all three factors. 

The general term for the use of more than one factor during authentication is multifactor authentication or strong authentication. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2367-2379). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 72 
- (Topic 1) 
The end result of implementing the principle of least privilege means which of the following? 


A. Users would get access to only the info for which they have a need to know 
B. Users can access all systems. 

C. Users get new privileges added when they change positions. 

D. Authorization creep. 


Answer: A 


Explanation: 

The principle of least privilege refers to allowing users to have only the access they need and not anything more. Thus, certain users may have no need to access 
any of the files on specific systems. 

The following answers are incorrect: 

Users can access all systems. Although the principle of least privilege limits what access and systems users have authorization to, not all users would have a need 
to know to access all of the systems. The best answer is still Users would get access to only the info for which they have a need to know as some of the users may 
not have a need to access a system. 

Users get new privileges when they change positions. Although true that a user may indeed require new privileges, this is not a given fact and in actuality a user 
may require less privileges for a new position. The principle of least privilege would require that the rights required for the position be closely evaluated and where 
possible rights revoked. 

Authorization creep. Authorization creep occurs when users are given additional rights with new positions and responsibilities. The principle of least privilege 
should actually prevent authorization creep. 

The following reference(s) were/was used to create this question: 

ISC2 OIG 2007 p.101,123 

Shon Harris AIO v3 p148, 902-903 


NEW QUESTION 73 
- (Topic 1) 
RADIUS incorporates which of the following services? 


A. Authentication server and PIN codes. 

B. Authentication of clients and static passwords generation. 

C. Authentication of clients and dynamic passwords generation. 

D. Authentication server as well as support for Static and Dynamic passwords. 


Answer: D 


Explanation: 

A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. 

RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the 
client to deliver service to the user. 

RADIUS authentication is based on provisions of simple username/password credentials. 

These credentials are encrypted by the client using a shared secret between the client and the RADIUS server. 

OIG 2007, Page 513 

RADIUS incorporates an authentication server and can make uses of both dynamic and static passwords. 

Since it uses the PAP and CHAP protocols, it also includes static passwords. 

RADIUS is an Internet protocol. RADIUS carries authentication, authorization, and configuration information between a Network Access Server and a shared 
Authentication Server. RADIUS features and functions are described primarily in the IETF (International Engineering Task Force) document RFC2138. 

The term " RADIUS" is an acronym which stands for Remote Authentication Dial In User Service. 

The main advantage to using a RADIUS approach to authentication is that it can provide a stronger form of authentication. RADIUS is capable of using a strong, 
two-factor form of authentication, in which users need to possess both a user ID and a hardware or software token to gain access. 

Token-based schemes use dynamic passwords. Every minute or so, the token generates a unique 4-, 6- or 8-digit access number that is synchronized with the 
security server. To gain entry into the system, the user must generate both this one-time number and provide his or her user ID and password. 

Although protocols such as RADIUS cannot protect against theft of an authenticated session via some realtime attacks, such as wiretapping, using unique, 
unpredictable authentication requests can protect against a wide range of active attacks. 
RADIUS: Key Features and Benefits 

Feature: RADIUS supports dynamic passwords and challenge/response passwords. 
Benefit: Improved system security due to the fact that passwords are not static. It is much more difficult for a bogus host to spoof users into giving up their passwords or password-generation algorithms. 

Feature: RADIUS allows the user to have a single user ID and password for all computers in a network. 
Benefit: Improved usability due to the fact that the user has to remember only one login combination. 

Feature: RADIUS is able to prevent RADIUS users from logging in via login (or ftp), require them to log in via login (or ftp), require them to log in to a specific network access server (NAS), and control access by time of day. 
Benefit: Provides very granular control over the types of logins allowed, on a per-user basis. 

The time-out interval for failing over from an unresponsive primary RADIUS server to a backup RADIUS server is site-configurable. 

RADIUS gives the System Administrator more flexibility in managing which users can login from which hosts or devices. 

Stratus Technology Product Brief http://www.stratus.com/products/vos/openvos/radius.htm 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 43, 44. 

Also check: MILLER, Lawrence & GREGORY, Peter, CISSP for Dummies, 2002, Wiley Publishing, Inc., pages 45-46. 
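The explanation above says the RADIUS client protects only the user's password with the shared secret and sends everything else, the username included, in the clear. The mechanism behind that statement is the User-Password hiding defined in section 5.2 of RFC 2865 (which replaced the RFC 2138 cited above): the password is padded to a multiple of 16 bytes and each block is XORed with MD5(shared secret || previous block), the first "previous block" being the 16-byte Request Authenticator. The Python below is an added example, not code from either guide or from any RADIUS implementation; the shared secret, authenticator and credentials are constructed values.

```python
import hashlib


def _xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(secret, authenticator, password):
    """RFC 2865 section 5.2 User-Password hiding, as the RADIUS client does it.
    Each 16-byte block c_i = p_i XOR MD5(secret + c_(i-1)), with c_0 being the
    Request Authenticator sent in the same packet."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key_block = hashlib.md5(secret + prev).digest()
        cipher_block = _xor(padded[i:i + 16], key_block)
        out += cipher_block
        prev = cipher_block
    return out


def reveal_user_password(secret, authenticator, hidden):
    """The server-side inverse: same key stream, then strip the NUL padding.
    Only a party holding the shared secret can recover the password."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        cipher_block = hidden[i:i + 16]
        key_block = hashlib.md5(secret + prev).digest()
        out += _xor(cipher_block, key_block)
        prev = cipher_block
    return out.rstrip(b"\x00")


def build_access_request(secret, authenticator, username, password):
    """Attribute view of an Access-Request: User-Password is hidden, User-Name
    (like every other attribute) is carried in plain text."""
    return {
        "User-Name": username,
        "User-Password": hide_user_password(secret, authenticator, password),
    }


if __name__ == "__main__":
    # Constructed values for the demonstration; a real client draws the
    # Request Authenticator from a cryptographic random source.
    SECRET = b"example-shared-secret"
    AUTHENTICATOR = bytes(range(16))
    request = build_access_request(SECRET, AUTHENTICATOR, "bob", b"hunter2")
    print(request["User-Name"], request["User-Password"].hex())
    print(reveal_user_password(SECRET, AUTHENTICATOR, request["User-Password"]))
```

Two things the code makes visible that the prose only asserts: the username is never transformed at all, and the protection of the password rests entirely on the strength and secrecy of the shared secret, since MD5 over secret-plus-authenticator is the only key material involved. That is why TACACS+, which the explanation contrasts with RADIUS, protects the whole packet body instead.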


NEW QUESTION 74 
- (Topic 1) 
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used) ? 


A. A subject is not allowed to read up. 

B. The property restriction can be escaped by temporarily downgrading a high level subject. 
C. A subject is not allowed to read down. 

D. It is restricted to confidentiality. 


Answer: C 


Explanation: 

It is not a property of the Bell-LaPadula model. The other answers are incorrect because: 

A subject is not allowed to read up is a property of the 'simple security rule' of the Bell-LaPadula model. 

The property restriction can be escaped by temporarily downgrading a high level subject, or by identifying a set of trusted objects which are permitted to violate the property as long as it is not in the middle of an operation. 

It is restricted to confidentiality as it is a state machine model that enforces the confidentiality aspects of access control. 

Reference: Shon Harris AIO v3, Chapter 5: Security Models and Architecture, Pages 279-282 
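Questions 39, 63 and 74 all turn on the two Bell-LaPadula rules: the simple security property (no read up) and the *-property (no write down), with the strong star property tightening writes to the subject's own level. The Python below is an added example, not code from the guides cited; the level names are the conventional military ones the model is built on, the compartment sets are constructed, and `decide`/`access_matrix` are names chosen for this illustration. It goes one step beyond the questions by including compartments, so that dominance is level plus category set rather than level alone.

```python
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Security label: a hierarchical level plus a set of compartments
    (need-to-know categories). Clearances and classifications share this form."""
    level: str
    compartments: frozenset = frozenset()


def dominates(a, b):
    """a dominates b when a's level is at least b's and a holds every
    compartment b holds. This partial order is what both BLP rules compare."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments


def can_read(subject, obj):
    """Simple security property: no read up. The subject must dominate the object."""
    return dominates(subject, obj)


def can_write(subject, obj, strong_star=False):
    """*-property: no write down. The object must dominate the subject, so a
    SECRET subject may write into TOP SECRET. With the strong star property
    writes are allowed only at exactly the subject's own label."""
    if strong_star:
        return subject == obj
    return dominates(obj, subject)


def decide(subject, obj, operation, strong_star=False):
    """Return (allowed, rule applied) for 'read', 'write' or 'read-write'."""
    if operation == "read":
        return can_read(subject, obj), "simple security property"
    if operation == "write":
        return can_write(subject, obj, strong_star), "*-property"
    if operation == "read-write":
        ok = can_read(subject, obj) and can_write(subject, obj, strong_star)
        return ok, "both properties (labels must be equal)"
    raise ValueError(f"unknown operation {operation!r}")


def access_matrix(subject, strong_star=False):
    """For one subject, the operations permitted on objects at each plain level."""
    matrix = {}
    for level in LEVELS:
        obj = Label(level)
        matrix[level] = [op for op in ("read", "write")
                         if decide(subject, obj, op, strong_star)[0]]
    return matrix


if __name__ == "__main__":
    secret_user = Label("SECRET")
    print("SECRET subject:", access_matrix(secret_user))
    print("with strong star:", access_matrix(secret_user, strong_star=True))
```

The matrix for a SECRET subject shows the shape the questions rely on: read is allowed at SECRET and below (reading down is fine), write is allowed at SECRET and above, and only at SECRET itself once the strong star property is on. The compartment check shows why "same level" is not enough: a SECRET {crypto} subject cannot read a SECRET {nuclear} object, and cannot write to a plain SECRET object either, because that object does not dominate its label.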


NEW QUESTION 79 

- (Topic 1) 

In the context of Biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Which of the following would be used to compare the accuracy of devices? 


A. the CER is used. 
B. the FRR is used 
C. the FAR is used 
D. the FER is used 


Answer: A 


Explanation: 

equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from 
the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is most 
accurate. 

In the context of Biometric Authentication almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If 
the system's sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher False Reject Rate (FRR). 
Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the 
CrossOver Error Rate (CER) is used. 

The following are used as performance metrics for biometric systems: 

false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. On a similarity scale, if the person is really an impostor but the matching score is higher than the threshold, then he is treated as genuine, which increases the FAR; hence performance also depends upon the selection of the threshold value. 

false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template 
in the database. It measures the percent of valid inputs which are incorrectly rejected. 

failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input are unsuccessful. This is most commonly caused by low quality inputs. 

failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric input when presented correctly. 

template capacity: the maximum number of sets of data which can be stored in the system. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 

and 

Wikipedia at: https://en.wikipedia.org/wiki/Biometrics 
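Questions 37 and 79 both describe FAR, FRR and the crossover (equal error) rate in words; the relationship is clearer when computed. The Python below is an added example, not code from the guides or from Wikipedia: the matching scores for the two devices are constructed values (higher score means a closer match), and the function names are chosen for this illustration. It sweeps the decision threshold over every observed score, computes FAR and FRR at each point, finds where the two rates meet, and ranks the devices by that CER, which is the comparison the explanation above recommends.

```python
# Constructed similarity scores (0..1) from two hypothetical devices.
# "genuine" are scores from enrolled users, "impostor" from everyone else.
DEVICES = {
    "device_A": {
        "genuine":  [0.9, 0.85, 0.8, 0.78, 0.75, 0.7, 0.65, 0.6, 0.55, 0.5],
        "impostor": [0.1, 0.15, 0.2, 0.25, 0.3, 0.35, 0.4, 0.45, 0.62, 0.7],
    },
    "device_B": {
        "genuine":  [0.95, 0.9, 0.88, 0.85, 0.8, 0.78, 0.75, 0.7, 0.68, 0.65],
        "impostor": [0.1, 0.2, 0.25, 0.3, 0.35, 0.4, 0.45, 0.5, 0.55, 0.66],
    },
}


def error_rates(genuine, impostor, threshold):
    """A score at or above the threshold is accepted.
    FAR = fraction of impostor attempts accepted (Type II error).
    FRR = fraction of genuine attempts rejected (Type I error)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def roc_points(genuine, impostor):
    """(threshold, FAR, FRR) at every distinct observed score: the data behind
    the ROC curve the explanation refers to."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def crossover(genuine, impostor):
    """Threshold where FAR and FRR are closest, and the CER/EER there
    (the mean of the two rates at that point)."""
    t, far, frr = min(roc_points(genuine, impostor),
                      key=lambda p: (abs(p[1] - p[2]), p[0]))
    return t, (far + frr) / 2


def rank_devices(devices):
    """Devices ordered by CER, lowest (most accurate) first."""
    cers = {name: crossover(d["genuine"], d["impostor"])[1]
            for name, d in devices.items()}
    return sorted(cers.items(), key=lambda kv: kv[1])


if __name__ == "__main__":
    for name, d in DEVICES.items():
        print(name, "CER at threshold", crossover(d["genuine"], d["impostor"]))
        # Raising the threshold (more sensitive) drives FRR up and FAR down,
        # lowering it does the opposite: the trade-off the explanation describes.
        for t in (0.4, 0.6, 0.8):
            print("  threshold", t, "FAR/FRR =", error_rates(d["genuine"], d["impostor"], t))
    print("ranking:", rank_devices(DEVICES))
```

For the constructed data, device_A reaches its crossover at threshold 0.6 with a CER of 0.2, device_B at 0.66 with a CER of 0.1, so device_B ranks as the more accurate, and the threshold sweep shows the FAR/FRR see-saw in the numbers rather than as a claim.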


NEW QUESTION 82 
- (Topic 1) 
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? 


A. Preventive/Technical Pairing 

B. Preventive/Administrative Pairing 
C. Preventive/Physical Pairing 

D. Detective/Administrative Pairing 
Answer: B 


Explanation: 

Soft Control is another way of referring to Administrative control. 

Technical and Physical controls are NOT soft control, so any choice listing them was not the best answer. 

Preventative/Technical is incorrect because although access control can be a technical control, it is commonly not referred to as a "soft" control. 

Preventative/Administrative is correct because access controls are preventative in nature. It is always best to prevent a negative event; however, there are times where controls might fail and you cannot prevent everything. Administrative controls are roles, responsibilities, policies, etc. which are usually paper based. In the administrative category you would find audit, monitoring, and security awareness as well. 

Preventative/Physical pairing is incorrect because access controls with an emphasis on "soft" mechanisms conflict with the basic concept of physical controls; physical controls are usually tangible objects such as fences, gates, door locks, sensors, etc. 

Detective/Administrative Pairing is incorrect because access control is a preventative control used to control access, not to detect violations to access. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 86 
- (Topic 1) 
What can be defined as a list of subjects along with their access rights that are authorized to access a specific object? 


A. A capability table 

B. An access control list 

C. An access control matrix 
D. A role-based matrix 


Answer: B 


Explanation: 

"It [ACL] specifies a list of users [subjects] who are allowed access to each object" CBK, p. 188 

A capability table is incorrect. "Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user's possession of a capability (or ticket) for the object." CBK, pp. 191-192. The distinction that makes this an incorrect choice is that access is based on possession of a capability by the subject. 

To put it another way, as noted in AIO3 on p. 169, "A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL." 

An access control matrix is incorrect. The access control matrix is a way of describing the rules for an access control strategy. The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access. CBK pp 317 - 318. 

AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a certain subject possesses pertaining to specific objects. 

In either case, the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACLs, capability tables, etc. 

A role-based matrix is incorrect. Again, a matrix of roles vs objects could be used as a tool for thinking about the access control to be applied to a set of objects. The results of the analysis could then be implemented using RBAC. 

References: 

CBK, Domain 2: Access Control. AIO3, Chapter 4: Access Control 
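To make the object-bound versus subject-bound distinction concrete, here is an added example (not code from the CBK or AIO texts cited above) that builds per-object ACLs and per-subject capability lists from one constructed access control matrix, checks that both views give identical decisions, and shows the cost of revoking all access to an object under each; the subjects, objects and rights are assumed sample values.

```python
from typing import Dict, FrozenSet

# Constructed sample access control matrix (not from the page): one row per
# subject, one column per object, each cell the rights that subject holds.
MATRIX: Dict[str, Dict[str, FrozenSet[str]]] = {
    "alice": {"payroll.db": frozenset({"read", "write"}),
              "report.doc": frozenset({"read"})},
    "bob":   {"report.doc": frozenset({"read", "write"})},
    "carol": {"payroll.db": frozenset({"read"})},
}


def to_acls(matrix):
    """Object-bound view: each object carries the list of subjects allowed
    to access it and the rights each is granted (an ACL per object)."""
    acls: Dict[str, Dict[str, FrozenSet[str]]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = rights
    return acls


def to_capabilities(matrix):
    """Subject-bound view: each subject carries the tickets (object, rights)
    it possesses (a capability table per subject)."""
    return {subject: dict(row) for subject, row in matrix.items()}


def acl_allows(acls, subject, obj, right):
    """Reference monitor that looks up the requested object's ACL."""
    return right in acls.get(obj, {}).get(subject, frozenset())


def capability_allows(caps, subject, obj, right):
    """Reference monitor that checks the ticket the subject presents."""
    return right in caps.get(subject, {}).get(obj, frozenset())


def revoke_object(acls, caps, obj):
    """Revoking all access to one object shows where each view is cheap:
    the ACL is a single entry, but every subject's capability list has to
    be searched for a ticket naming the object. Returns the entries touched."""
    acl_entries = 1 if acls.pop(obj, None) is not None else 0
    cap_entries = 0
    for row in caps.values():
        if row.pop(obj, None) is not None:
            cap_entries += 1
    return acl_entries, cap_entries


def views_agree(matrix):
    """Both derived views must give the same answer for every request."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    subjects = set(matrix)
    objects = {o for row in matrix.values() for o in row}
    for s in subjects:
        for o in objects:
            for r in ("read", "write", "execute"):
                if acl_allows(acls, s, o, r) != capability_allows(caps, s, o, r):
                    return False
    return True
```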


NEW QUESTION 88 
- (Topic 1) 
When submitting a passphrase for authentication, the passphrase is converted into ... 


A. a virtual password by the system 

B. a new passphrase by the system 

C. a new passphrase by the encryption technology 

D. a real password by the system which can be used forever 


Answer: A 


Explanation: 

Passwords can be compromised and must be protected. In the ideal case, a password should only be used once. The changing of passwords can also fall 
between these two extremes. 

Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password's 
frequency of use. 

Obviously, the more times a password is used, the more chance there is of it being compromised. 

It is recommended to use a passphrase instead of a password. A passphrase is more resistant to attacks. The passphrase is converted into a virtual password by the system. Often the passphrase will exceed the maximum length supported by the system, and it must be truncated into a virtual password. 

Reference(s) used for this question: http://www.itl.nist.gov/fipspubs/fip112.htm 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36 & 37. 


NEW QUESTION 92 
- (Topic 1) 
Which of the following is not a security goal for remote access? 


A. Reliable authentication of users and systems 

B. Protection of confidential data 

C. Easy to manage access control to systems and network resources 
D. Automated login for remote users 


Answer: D 


Explanation: 

An automated login function for remote users would imply a weak authentication, thus certainly not a security goal. 

Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition, volume 2, 2001, CRC Press, Chapter 5: An Introduction to Secure Remote Access (page 100). 


NEW QUESTION 95 
- (Topic 1) 
A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following? 


A. Content-dependent access control 
B. Context-dependent access control 
C. Least privileges access control 

D. Ownership-based access control 


Answer: A 


Explanation: 

When access control is based on the content of an object, it is considered to be content dependent access control. 

Content-dependent access control is based on the content itself. The following answers are incorrect: 

Context-dependent access control is incorrect because this type of control is based on what the context is, facts about the data rather than what the object contains. 

Least privileges access control is incorrect because this is based on the least amount of rights users need to perform their jobs and not based on what is contained in the database. 

Ownership-based access control is incorrect because this is based on the owner of the data and not based on what is contained in the database. 

References: 

OIG CBK Access Control (page 191) 


NEW QUESTION 97 
- (Topic 1) 
A central authority determines what subjects can have access to certain objects based on the organizational security policy is called: 


A. Mandatory Access Control 

B. Discretionary Access Control 

C. Non-Discretionary Access Control 
D. Rule-based Access control 


Answer: C 


Explanation: 

A central authority determines what subjects can have access to certain objects based on the organizational security policy. 

The key focal point of this question is the 'central authority' that determines access rights. Cecilia, one of the quiz users, has sent me feedback informing me that NIST defines MAC as: 

"MAC Policy means that Access Control Policy Decisions are made by a CENTRAL AUTHORITY." This seems to indicate there could be two good answers to this question. 

However, if you read the NISTIR document mentioned in the references below, it is also mentioned that MAC is the most mentioned NDAC policy. So MAC is a form of NDAC policy. 

Within the same document it is also mentioned: "In general, all access control policies other than DAC are grouped in the category of non-discretionary access control (NDAC). As the name implies, policies in this category have rules that are not established at the discretion of the user. Non-discretionary policies establish controls that cannot be changed by users, but only through administrative action." 

Under NDAC you have two choices: 

Rule-Based Access Control and Role-Based Access Control 

MAC is implemented using RULES, which makes it fall under Rule-Based Access Control (RuBAC), which is a form of NDAC. It is a subset of NDAC. 

This question is representative of what you can expect on the real exam, where you have more than one choice that seems to be right. However, you have to look closely at whether one of the choices is higher level or whether one of the choices falls under one of the other choices. In this case NDAC is a better choice because MAC falls under NDAC through the use of Rule-Based Access Control. 

The following are incorrect answers: 

MANDATORY ACCESS CONTROL 

In Mandatory Access Control the labels of the object and the clearance of the subject determine access rights, not a central authority. Although a central authority (better known as the Data Owner) assigns the label to the object, the system does the determination of access rights automatically by comparing the object label with the subject clearance. The subject clearance MUST dominate (be equal to or higher than) the label of the object being accessed. 

The need for a MAC mechanism arises when the security policy of a system dictates that: 

1. Protection decisions must not be decided by the object owner. 

2. The system must enforce the protection decisions (i.e., the system enforces the security policy over the wishes or intentions of the object owner). 

Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC policy; for example, a user who is running a process at the Secret classification should not be allowed to read a file with a label of Top Secret. This is known as the "simple security rule," or "no read up." 

Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file with a label of Confidential. This rule is called the "*-property" (pronounced "star property") or "no write down." The *-property is required to maintain system security in an automated environment. 

DISCRETIONARY ACCESS CONTROL 

In Discretionary Access Control the rights are determined by many different entities, each person who has created a file being the owner of that file, not by one central authority. 

DAC leaves a certain amount of access control to the discretion of the object's owner or anyone else who is authorized to control the object's access. For example, 
it is generally used to limit a user's access to a file; it is the owner of the file who controls other users' accesses to the file. Only those users specified by the owner 
may have some combination of read, write, execute, and other permissions to the file. 

DAC policy tends to be very flexible and is widely used in the commercial and government sectors. However, DAC is known to be inherently weak for two reasons: First, granting read access is transitive; for example, when Ann grants Bob read access to a file, nothing stops Bob from copying the contents of Ann's file to an object that Bob controls. Bob may now grant any other user access to the copy of Ann's file without Ann's knowledge. 

Second, DAC policy is vulnerable to Trojan horse attacks. Because programs inherit the identity of the invoking user, Bob may, for example, write a program for Ann that, on the surface, performs some useful function, while at the same time destroys the contents of Ann's files. When investigating the problem, the audit files would indicate that Ann destroyed her own files. Thus, formally, the drawbacks of DAC are as follows: 

Information can be copied from one object to another; therefore, there is no real assurance on the flow of information in a system. 

No restrictions apply to the usage of information when the user has received it. 

The privileges for accessing objects are decided by the owner of the object, rather than through a system-wide policy that reflects the organization's security requirements. 

ACLs and owner/group/other access control mechanisms are by far the most common mechanism for implementing DAC policies. Other mechanisms, even 
though not designed with DAC in mind, may have the capabilities to implement a DAC policy. 

RULE BASED ACCESS CONTROL 

In Rule-based Access Control a central authority could in fact determine what subjects can have access when assigning the rules for access. However, the rules actually determine the access, and so this is not the most correct answer. 

RuBAC (as opposed to RBAC, role-based access control) allows users to access systems and information based on predetermined and configured rules. It is important to note that there is no commonly understood definition or formally defined standard for rule-based access control as there is for DAC, MAC, and RBAC. "Rule-based access" is a generic term applied to systems that allow some form of organization-defined rules, and therefore rule-based access control encompasses a broad range of systems. RuBAC may in fact be combined with other models, particularly RBAC or DAC. A RuBAC system intercepts every access request and compares the rules with the rights of the user to make an access decision. Most of the rule-based access control relies on a security label system, which dynamically composes a set of rules defined by a security policy. Security labels are attached to all objects, including files, directories, and devices. Sometimes roles are assigned to subjects (based on their attributes) as well. 

RuBAC meets the business needs as well as the technical needs of controlling service access. It allows business rules to be applied to access control; for example, customers who have overdue balances may be denied service access. As a mechanism for MAC, rules of RuBAC cannot be changed by users. The rules can be established by any attributes of a system related to the users such as domain, host, protocol, network, or IP addresses. For example, suppose that a user wants to access an object in another network on the other side of a router. The router employs RuBAC with the rule composed by the network addresses, domain, and protocol to decide whether or not the user can be granted access. If employees change their roles within the organization, their existing authentication credentials remain in effect and do not need to be reconfigured. 

Using rules in conjunction with roles adds greater flexibility because rules can be applied to people as well as to devices. Rule-based access control can be combined with role-based access control, such that the role of a user is one of the attributes in rule setting. Some provisions of access control systems have rule-based policy engines in addition to a role-based policy engine and certain implemented dynamic policies [Des03]. For example, suppose that two of the primary types of software users are product engineers and quality engineers. Both groups usually have access to the same data, but they have different roles to perform in relation to the data and the application's function. In addition, individuals within each group have different job responsibilities that may be identified using several types of attributes such as developing programs and testing areas. Thus, the access decisions can be made in real time by a scripted policy that regulates the access between the groups of product engineers and quality engineers, and each individual within these groups. Rules can either replace or complement role-based access control. However, the creation of rules and security policies is also a complex process, so each organization will need to strike the appropriate balance. 

References used for this question: 

http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf 

and 

AIO v3 p162-167 and OIG (2007) p.186-191 

also 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 100 
- (Topic 1) 
In addition to the accuracy of the biometric systems, there are other factors that must also be considered: 


A. These factors include the enrollment time and the throughput rate, but not acceptability. 

B. These factors do not include the enrollment time, the throughput rate, and acceptability. 

C. These factors include the enrollment time, the throughput rate, and acceptability. 

D. These factors include the enrollment time, but not the throughput rate, neither the acceptability. 


Answer: C 


Explanation: 

In addition to the accuracy of the biometric systems, there are other factors that must also be considered. 

These factors include the enrollment time, the throughput rate, and acceptability. Enrollment time is the time it takes to initially "register" with a system by providing samples of the biometric characteristic to be evaluated. An acceptable enrollment time is around two minutes. 

For example, in fingerprint systems, the actual fingerprint is stored and requires approximately 250kb per finger for a high quality image. This level of information is 
required for one-to-many searches in forensics applications on very large databases. 

In finger-scan technology, a full fingerprint is not stored; the features extracted from this fingerprint are stored using a small template that requires approximately 500 to 1000 bytes of storage. The original fingerprint cannot be reconstructed from this template. 

Updates of the enrollment information may be required because some biometric characteristics, such as voice and signature, may change with time. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37 & 38. 


NEW QUESTION 101 
- (Topic 1) 
What is the primary role of smartcards in a PKI? 


A. Transparent renewal of user keys 

B. Easy distribution of the certificates between the users 

C. Fast hardware encryption of the raw data 

D. Tamper resistant, mobile storage and application of private keys of the users 


Answer: D 


Explanation: 

Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 139; 

SNYDER, J., What is a SMART CARD?. 

Wikipedia has a nice definition at: http://en.wikipedia.org/wiki/Tamper_resistance 

Tamper-resistant microprocessors are used to store and process private or sensitive information, such as private keys or electronic money credit. To prevent an attacker from retrieving or modifying the information, the chips are designed so that the information is not accessible through external means and can be accessed only by the embedded software, which should contain the appropriate security measures. 

Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758 and chips used in smartcards, as well as the Clipper chip. 

It has been argued that it is very difficult to make simple electronic devices secure against tampering, because numerous attacks are possible, including: 

physical attack of various forms (microprobing, drills, files, solvents, etc.) 
freezing the device 
applying out-of-spec voltages or power surges 
applying unusual clock signals 
inducing software errors using radiation 
measuring the precise time and power requirements of certain operations (see power analysis) 

Tamper-resistant chips may be designed to zeroise their sensitive data (especially cryptographic keys) if they detect penetration of their security encapsulation or out-of-specification environmental parameters. A chip may even be rated for "cold zeroisation", the ability to zeroise itself even after its power supply has been crippled. 

Nevertheless, the fact that an attacker may have the device in his possession for as long as he likes, and perhaps obtain numerous other samples for testing and 
practice, means that it is practically impossible to totally eliminate tampering by a sufficiently motivated opponent. Because of this, one of the most important 
elements in protecting a system is overall system design. In particular, tamper-resistant systems should "fail gracefully" by ensuring that compromise of one device 
does not compromise the entire system. In this manner, the attacker can be practically restricted to attacks that cost less than the expected return from 
compromising a single device (plus, perhaps, a little more for kudos). Since the most sophisticated attacks have been estimated to cost several hundred thousand 
dollars to carry out, carefully designed systems may be invulnerable in practice. 


NEW QUESTION 104 
- (Topic 1) 
Which of the following is an example of discretionary access control? 


A. Identity-based access control 
B. Task-based access control 
C. Role-based access control 
D. Rule-based access control 


Answer: A 


Explanation: 

An identity-based access control is an example of discretionary access control that is based on an individual's identity. Identity-based access control (IBAC) is access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity. 

Rule Based Access Control (RuBAC) and Role Based Access Control (RBAC) are examples of non-discretionary access controls. 

Rule-based access control is a type of non-discretionary access control because this access is determined by rules and the subject does not decide what those rules will be; the rules are uniformly applied to ALL of the users or subjects. 

In general, all access control policies other than DAC are grouped in the category of non-discretionary access control (NDAC). As the name implies, policies in this category have rules that are not established at the discretion of the user. Non-discretionary policies establish controls that cannot be changed by users, but only through administrative action. 

Both Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC) fall within Non Discretionary Access Control (NDAC). If it is not DAC or MAC then it is most likely NDAC. 

BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES: 

MAC = Mandatory Access Control 

Under a mandatory access control environment, the system or security administrator will define what permissions subjects have on objects. The administrator does not dictate users' access but simply configures the proper level of access as dictated by the Data Owner. 

The MAC system will look at the Security Clearance of the subject and compare it with the object sensitivity level or classification level. This is what is called the 
dominance relationship. 

The subject must DOMINATE the object sensitivity level, which means that the subject must have a security clearance equal to or higher than that of the object he is attempting to access. 

MAC also introduces the concept of labels. Every object will have a label attached to it indicating the classification of the object as well as categories that are used to impose the need to know (NTK) principle. Even though a user has a security clearance of Secret, it does not mean he would be able to access any Secret documents within the system. He would be allowed to access only Secret documents for which he has a Need To Know, formal approval, and where the user belongs to one of the categories attached to the object. 

If there is no clearance and no labels then IT IS NOT Mandatory Access Control. 

Many of the other models can mimic MAC but none of them have labels and a dominance relationship, so they are NOT in the MAC category. 

DAC = Discretionary Access Control 

DAC is also known as: Identity Based access control system. 

The owner of an object is defined as the person who created the object. As such the owner has the discretion to grant access to other users on the network. Access will be granted based solely on the identity of those users. 

Such a system is good for a low level of security. One of the major problems is the fact that a user who has access to someone else's file can further share the file with other users without the knowledge or permission of the owner of the file. Very quickly this could become the wild wild west as there is no control on the dissemination of the information. 

RBAC = Role Based Access Control 

RBAC is a form of Non-Discretionary access control. 

Role Based access control usually maps directly with the different types of jobs performed by employees within a company. 

For example there might be 5 security administrators within your company. Instead of creating each of their profiles one by one, you would simply create a role and assign the administrators to the role. Once an administrator has been assigned to a role, he will IMPLICITLY inherit the permissions of that role. 

RBAC is a great tool for environments where there is a large rotation of employees on a daily basis, such as a very large help desk for example. 

RuBAC (sometimes also written RBAC) = Rule Based Access Control 

RuBAC is a form of Non-Discretionary access control. 

A good example of a Rule Based access control device would be a Firewall. A single set of rules is imposed on all users attempting to connect through the firewall. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. and 

NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf and 

http://itlaw.wikia.com/wiki/Identity-based_access_control 


NEW QUESTION 109 
- (Topic 1) 
Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating: 


A. Lower False Rejection Rate (FRR) 
B. Higher False Rejection Rate (FRR) 
C. Higher False Acceptance Rate (FAR) 
D. It will not affect either FAR or FRR 


Answer: B 


Explanation: 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biometric authentication system, the system becomes increasingly selective and has a higher False Rejection Rate (FRR). 

Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the Crossover Error Rate (CER) is used. The Crossover Error Rate (CER) is the point at which the false rejection rates and the false acceptance rates are equal. The lower the value of the CER, the more accurate the system. 

There are three categories of biometric accuracy measurement (all represented as percentages): 

False Reject Rate (a Type I Error): When authorized users are falsely rejected as unidentified or unverified. 

False Accept Rate (a Type II Error): When unauthorized persons or imposters are falsely accepted as authentic. 

Crossover Error Rate (CER): The point at which the false rejection rates and the false acceptance rates are equal. The smaller the value of the CER, the more 
accurate the system. 

NOTE: 

Within the ISC2 book they make use of the terms Accept or Acceptance and also Reject or Rejection when referring to the types of errors within biometrics. Below we make use of Acceptance and Rejection throughout the text for consistency. However, on the real exam you could see either of the terms. 

Performance of biometrics 

Different metrics can be used to rate the performance of a biometric factor, solution or application. The most common performance metrics are the False 
Acceptance Rate FAR and the False Rejection Rate FRR. 

When using a biometric application for the first time the user needs to enroll in the system. The system requests fingerprints, a voice recording or another biometric factor from the operator; this input is registered in the database as a template which is linked internally to a user ID. The next time the user wants to authenticate or identify himself, the biometric input provided by the user is compared to the template(s) in the database by a matching algorithm which responds with acceptance (match) or rejection (no match). 

FAR and FRR 

The FAR or False Acceptance rate is the probability that the system incorrectly authorizes a non-authorized person, due to incorrectly matching the biometric input 
with a valid template. The FAR is normally expressed as a percentage, following the FAR definition this is the percentage of invalid inputs which are incorrectly 
accepted. 

The FRR or False Rejection Rate is the probability that the system incorrectly rejects access to an authorized person, due to failing to match the biometric input 
provided by the user with a stored template. The FRR is normally expressed as a percentage, following the FRR definition this is the percentage of valid inputs 
which are incorrectly rejected. 

FAR and FRR are very much dependent on the biometric factor that is used and on the technical implementation of the biometric solution. Furthermore, the FRR is strongly person dependent; a personal FRR can be determined for each individual. 

Take this into account when determining the FRR of a biometric solution: one person is insufficient to establish an overall FRR for a solution. Also, FRR might increase due to environmental conditions or incorrect use, for example when using dirty fingers on a fingerprint reader. Mostly the FRR lowers when a user gains more experience in how to use the biometric device or software. 

FAR and FRR are key metrics for biometric solutions; some biometric devices or software even allow them to be tuned so that the system more quickly matches or rejects. Both FRR and FAR are important, but for most applications one of them is considered most important. Two examples to illustrate this: 

When biometrics are used for logical or physical access control, the objective of the application is to disallow access to unauthorized individuals under all 
circumstances. It is clear that a very low FAR is needed for such an application, even if it comes at the price of a higher FRR. 

When surveillance cameras are used to screen a crowd of people for missing children, the objective of the application is to identify any missing children that come 
up on the screen. When the identification of those children is automated using a face recognition software, this software has to be set up with a low FRR. As such 
a higher number of matches will be false positives, but these can be reviewed quickly by surveillance personnel. 

False Acceptance Rate is also called False Match Rate, and False Rejection Rate is sometimes referred to as False Non-Match Rate. 

[Figure: FAR and FRR plotted against sensitivity (the matching threshold), with the crossover error rate (CER) marked where the two curves meet.] 

The Crossover Error Rate or CER is illustrated on the graph above. It is the rate where both FAR and FRR are equal. 

The matching algorithm in a biometric software or device uses a (configurable) threshold which determines how close to a template the input must be for it to be 
considered a match. This threshold value is in some cases referred to as sensitivity, it is marked on the X axis of the plot. When you reduce this threshold there will 
be more false acceptance errors (higher FAR) and less false rejection errors (lower FRR), a higher threshold will lead to lower FAR and higher FRR. 

Speed 

Most manufacturers of biometric devices and software can give clear numbers on the time it takes to enroll as well as on the time for an individual to be authenticated or identified using their application. If speed is important then take your time to consider this: 5 seconds might seem a short time on paper or when testing a device, but if hundreds of people will use the device multiple times a day the cumulative loss of time might be significant. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2723-2731). Auerbach Publications. Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 

and 

http://www.biometric-solutions.com/index.php?story=performance_biometrics 
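The threshold trade-off and CER described above, as an added example that is not part of the original explanation or of the referenced sources: constructed genuine and impostor matcher scores are swept across thresholds to compute FAR and FRR, locate the CER, and find the threshold an access-control deployment would need for a given FAR ceiling; all scores are assumed sample values.

```python
from typing import List, Optional, Sequence, Tuple

# Constructed matcher scores (assumed sample values, not measurements from any
# real device): similarity between a live sample and a stored template, 0..1.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.80, 0.78, 0.75, 0.70, 0.66, 0.60, 0.55]
IMPOSTOR_SCORES = [0.65, 0.58, 0.52, 0.48, 0.45, 0.40, 0.35, 0.30, 0.25, 0.20]


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> Tuple[float, float]:
    """FAR and FRR at one sensitivity setting.

    An input is accepted when its score reaches the threshold, so
    FAR = share of impostor attempts accepted (Type II errors) and
    FRR = share of genuine attempts rejected (Type I errors).
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sweep(genuine: Sequence[float], impostor: Sequence[float],
          steps: int = 100) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for evenly spaced thresholds in [0, 1]."""
    return [(i / steps, *error_rates(genuine, impostor, i / steps))
            for i in range(steps + 1)]


def crossover_error_rate(genuine: Sequence[float], impostor: Sequence[float],
                         steps: int = 100) -> Tuple[float, float]:
    """Threshold and rate where FAR and FRR are (closest to) equal: the CER.

    With a discrete sweep the two curves may never meet exactly, so the
    first point minimising |FAR - FRR| is taken and the CER is reported as
    the mean of the two rates there.
    """
    best = min(sweep(genuine, impostor, steps), key=lambda p: abs(p[1] - p[2]))
    threshold, far, frr = best
    return threshold, (far + frr) / 2


def threshold_for_max_far(genuine: Sequence[float], impostor: Sequence[float],
                          max_far: float, steps: int = 100
                          ) -> Optional[Tuple[float, float]]:
    """Lowest threshold whose FAR does not exceed `max_far`, and the FRR paid
    for it: the setting an access-control deployment picks, where a low FAR
    matters more than a higher FRR. None if no setting qualifies."""
    for threshold, far, frr in sweep(genuine, impostor, steps):
        if far <= max_far:
            return threshold, frr
    return None


def tradeoff_direction(genuine: Sequence[float], impostor: Sequence[float],
                       low: float, high: float) -> bool:
    """True when raising the threshold from `low` to `high` lowers FAR and
    raises FRR, the behaviour the question describes."""
    far_lo, frr_lo = error_rates(genuine, impostor, low)
    far_hi, frr_hi = error_rates(genuine, impostor, high)
    return far_hi <= far_lo and frr_hi >= frr_lo
```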


NEW QUESTION 110 
- (Topic 1) 
What are the components of an object's sensitivity label? 


A. A Classification Set and a single Compartment. 
B. A single classification and a single compartment. 
C. A Classification Set and user credentials. 
D. A single classification and a Compartment Set. 


Answer: D 


Explanation: 

A single classification and a Compartment Set are the components of a sensitivity label. The following are incorrect: 

A Classification Set and a single Compartment is incorrect because the nomenclature "Classification Set" is incorrect; there is only one classification, and it is not a "single compartment" but a Compartment Set. 

A single classification and a single compartment is incorrect because while there is only one classification, it is not a "single compartment" but a Compartment Set. 

A Classification Set and user credentials is incorrect because the nomenclature "Classification Set" is incorrect; there is only one classification, and it is not "user credentials" but a Compartment Set. The user would have their own sensitivity label. 


NEW QUESTION 111 
- (Topic 1) 
Which of the following would be true about Static password tokens? 


A. The owner identity is authenticated by the token 

B. The owner will never be authenticated by the token. 

C. The owner will authenticate himself to the system. 

D. The token does not authenticate the token owner but the system. 


Answer: A 


Explanation: 

Password Tokens 

Tokens are electronic devices or cards that supply a user's password for them. A token system can be used to supply either a static or a dynamic password. There 
is a big difference between the static and dynamic systems: a static system will normally log a user in, whereas with a dynamic system the user will often have to log 
themselves in. 

Static Password Tokens: 

The owner identity is authenticated by the token. This is done by the person who issues the token to the owner (normally the employer). The owner of the token is 
now authenticated by "something you have". The token authenticates the identity of the owner to the information system. An example of this occurring is when an 
employee swipes his or her smart card over an electronic lock to gain access to a store room. 

Synchronous Dynamic Password Tokens: 

This system is a lot more complex than the static password token. Synchronous dynamic password tokens generate new passwords at certain time intervals 
that are synchronized with the main system. The password is generated on a small device similar to a pager or a calculator that can often be attached to the user's key 
ring. Each password is only valid for a certain time period; typing in the password in the wrong time period will invalidate the authentication. The time factor 
can also be the system's downfall: if the clock on the system or on the password token device gets out of sync, a user can have trouble authenticating 
to the system. 

Asynchronous Dynamic Password Tokens: 

The clock synchronization problem is eliminated with asynchronous dynamic password tokens. This system works on the same principle as the synchronous one, but it 
does not have a time frame. A lot of big companies use this system, especially for employees who may work from home over the company's VPN (Virtual Private 
Network). 

Challenge Response Tokens: 

This is an interesting system. A user will be sent special "challenge" strings at either random or timed intervals. The user inputs this challenge string into their token 
device and the device will respond by generating a challenge response. The user then types this response into the system and if it is correct they are 
authenticated. 

Reference(s) used for this question: http://www.informit.com/guides/content.aspx?g=security&seqNum=146 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 


NEW QUESTION 115 
- (Topic 1) 
Which of the following is not a two-factor authentication mechanism? 


A. Something you have and something you know. 
B. Something you do and a password. 

C. A smartcard and something you are. 

D. Something you know and a password. 


Answer: D 


Explanation: 

Something you know and a password fits within only one of the three ways authentication could be done. A password is an example of something you know, 
thereby something you know and a password does not constitute a two-factor authentication as both are in the same category of factors. 

A two-factor (strong) authentication relies on two different kinds of authentication factors out of a list of three possible choices: 

something you know (e.g. a PIN or password), 

something you have (e.g. a smart card, token, magnetic card), 

something you are is mostly Biometrics (e.g. a fingerprint) or something you do (e.g. signature dynamics). 

TIP FROM CLEMENT: 

On the real exam you can expect to see synonyms and sometimes sub-categories under the main categories. People are familiar with PIN, passphrase and password 
as a subset of Something you know. 

However, when people see choices such as Something you do or Something you are, they immediately get confused and do not think of them as a subset of 
Biometrics, where you have biometric implementations based on behavioral and physiological attributes. So Something you do falls under the Something you are 
category as a subset. 

Something you do would be signing your name or typing text on your keyboard, for example. 

Strong authentication is simply when you make use of two factors that are within two different categories. 

Reference(s) used for this question: 

Shon Harris, CISSP All In One, Fifth Edition, pages 158-159 


The Leader of IT Certification - visit https://www.certleader.com 

100% Valid and Newest Version SSCP Questions & Answers shared by Certleader 
https://www.certleader.com/SSCP-dumps.html (1074 Q&As) 


NEW QUESTION 120 
- (Topic 1) 
Why should batch files and scripts be stored in a protected area? 


A. Because of the least privilege concept. 
B. Because they cannot be accessed by operators. 
C. Because they may contain credentials. 
D. Because of the need-to-know concept. 


Answer: C 


Explanation: 

Because scripts contain credentials, they must be stored in a protected area and the transmission of the scripts must be dealt with carefully. Operators might need 
access to batch files and scripts. The least privilege concept requires that each subject in a system be granted the most restrictive set of privileges needed for the 
performance of authorized tasks. The need-to-know principle requires a user having necessity for access to, knowledge of, or possession of specific information 
required to perform official tasks or services. 

Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3) 


NEW QUESTION 121 
- (Topic 1) 
What is called a sequence of characters that is usually longer than the allotted number for a password? 


A. passphrase 

B. cognitive phrase 
C. anticipated phrase 
D. Real phrase 


Answer: A 


Explanation: 
A passphrase is a sequence of characters that is usually longer than the allotted number for a password. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 37. 


NEW QUESTION 123 
- (Topic 1) 
Which division of the Orange Book deals with discretionary protection (need-to-know)? 


A. D 

B. C 

C. B 

D. A 

Answer: B 

Explanation: 

C deals with discretionary protection. See the matrix below: 

TNI/TCSEC MATRIX (figure: only the column headings and row names survived extraction; the marks showing at which class each requirement is introduced did not) 

Evaluation classes (columns): A1 | B3 | B2 | B1 | C2 | C1 

DISCRETIONARY ACCESS 
Discretionary Access Control 
Identification and Authentication 
System Integrity 
System Architecture 
Security Testing 
Security Features User's Guide 
Trusted Facility Manual 
Design Documentation 
Test Documentation 

CONTROLLED ACCESS 
Protect Audit Trails 
Object Reuse 

MANDATORY ACCESS CONTROL 
Labels 
Mandatory Access Control 
Process Isolation in System Architecture 
Design Specification & Verification 
Device Labels 
Subject Sensitivity Labels 
Trusted Path 
Separation of Administrator and User Functions 
Covert Channel Analysis 
Trusted Facility Management 
Configuration Management 
Trusted Recovery 
Trusted Distribution 
Formal Methods 

TCSEC Matrix 

The following are incorrect answers: 

D is incorrect. D deals with minimal security. 

B is incorrect. B deals with mandatory protection. 

A is incorrect. A deals with verified protection. 

Reference(s) used for this question: 
CBK, pp. 329-330 
and 
Shon Harris, CISSP All In One (AIO), 6th Edition, pages 392-393 


NEW QUESTION 127 
- (Topic 1) 
What does the simple integrity axiom mean in the Biba model? 


A. No write down 
B. No read down 
C. No read up 
D. No write up 


Answer: B 


Explanation: 

The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity 
(no read down). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 129 
- (Topic 1) 
Which of the following access control models requires defining classification for objects? 


A. Role-based access control 

B. Discretionary access control 
C. Identity-based access control 
D. Mandatory access control 


Answer: D 


Explanation: 

With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance, and 
the classification of objects. 

The Following answers were incorrect: 

Identity-based Access Control is a type of Discretionary Access Control (DAC), they are synonymous. 

Role Based Access Control (RBAC) and Rule Based Access Control (RUBAC or RBAC) are types of Non Discretionary Access Control (NDAC). 

Tip: 

When two answers are synonymous, they are not the right choice for sure. 

There is only one access control model that makes use of labels, clearances and categories: Mandatory Access Control. None of the others make use of 
those items. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access 
control systems (page 33). 


NEW QUESTION 131 
- (Topic 1) 
Examples of types of physical access controls include all EXCEPT which of the following? 


A. badges 

B. locks 

C. guards 

D. passwords 


Answer: D 


Explanation: 

Passwords are considered a Preventive/Technical (logical) control. The following answers are incorrect: 

badges: Badges are a physical control used to identify an individual. A badge can include a smart device which can be used for authentication and is thus a Technical 
control, but the actual badge itself is primarily a physical control. 

locks: Locks are a Preventive Physical control and have no Technical association. 

guards: Guards are a Preventive Physical control and have no Technical association. 

The following reference(s) were/was used to create this question: 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 35). 


NEW QUESTION 134 
- (Topic 1) 
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with: 


A. Preventive/physical 

B. Detective/technical 

C. Detective/physical 

D. Detective/administrative 
Answer: C 


Explanation: 
Detective/physical controls usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 136 
- (Topic 1) 
Which of the following is true of two-factor authentication? 


A. It uses the RSA public-key signature based on integers with large prime factors. 
B. It requires two measurements of hand geometry. 

C. It does not use single sign-on technology. 

D. It relies on two independent proofs of identity. 


Answer: D 


Explanation: 

The answer is: It relies on two independent proofs of identity. Two-factor authentication refers to using two independent proofs of identity, such as something the 
user has (e.g. a token card) and something the user knows (a password). Two-factor authentication may be used with single sign-on. 

The following answers are incorrect: 

It requires two measurements of hand geometry. Measuring hand geometry twice does not yield two independent proofs. 

It uses the RSA public-key signature based on integers with large prime factors. RSA encryption uses integers with exactly two prime factors, but the term "two-factor 
authentication" is not used in that context. 

It does not use single sign-on technology. This is a distractor. 

The following reference(s) were/was used to create this question: 

Shon Harris AIO v.3 p.129 

ISC2 OIG, 2007 p. 126 


NEW QUESTION 137 
- (Topic 1) 
What does it mean to say that sensitivity labels are "incomparable"? 


A. The number of classification in the two labels is different. 
B. Neither label contains all the classifications of the other. 
C. the number of categories in the two labels are different. 
D. Neither label contains all the categories of the other. 


Answer: D 


Explanation: 

If a category does not exist then you cannot compare it. Incomparable is when you have two disjointed sensitivity labels, that is a category in one of the labels is 
not in the other label. "Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable" 
COMPARABILITY: 

The label: 

TOP SECRET [VENUS ALPHA] 

is "higher" than either of the labels: 

SECRET [VENUS ALPHA] TOP SECRET [VENUS] 

But you can't really say that the label: 

TOP SECRET [VENUS] 

is higher than the label: 

SECRET [ALPHA] 

Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable. In a mandatory access control 
system, you won't be allowed access to a file whose label is incomparable to your clearance. 

The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates 
another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other. The dominance relationship is 
used to determine permitted operations and information flows. 

DOMINANCE 
The dominance relationship is determined by the ordering of the Sensitivity/Clearance component of the label and the intersection of the set of Compartments. 
Sample sensitivity/clearance orderings are: 

Top Secret > Secret > Confidential > Unclassified 

s3 > s2 > s1 > s0 

Formally, for label one to dominate label two, both of the following must be true: 

The sensitivity/clearance of label one must be greater than or equal to the sensitivity/clearance of label two. 

The intersection of the compartments of label one and label two must equal the compartments of label two. 

Additionally: 

Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality. 
One label is said to strictly dominate the other if it dominates the other but is not equal to the other. 

Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments. 

The dominance relationship will produce a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice. 
The following answers are incorrect: 

The number of classifications in the two labels is different. Is incorrect because the categories are what is being compared, not the classifications. 

Neither label contains all the classifications of the other. Is incorrect because the categories are what is being compared, not the classifications. 

The number of categories in the two labels is different. Is incorrect because it is possible that a category exists more than once in one sensitivity label and does exist in 
the other, so they would be comparable. 

Reference(s) used for this question: 

O'Reilly - Computer Systems and Access Control (Chapter 3) http://www.oreilly.com/catalog/csb/chapter/ch03.html 
and http://rubix.com/cms/mls_dom 
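The dominance, equality and incomparability rules stated above, as an added worked example (this is not code from the question bank or from the O'Reilly and rubix references it cites). The level ordering and the VENUS/ALPHA compartments are the page's own; the `Label` class, the `compare` and `may_read` helpers and the lattice `join` are names chosen for this example. It goes slightly beyond the text in one respect: "incomparable" is computed as "neither label dominates the other", which also covers the case where the level ordering and the compartment ordering disagree, not only the case of disjoint compartment sets.

```python
# Added example: MLS sensitivity-label dominance as described in the explanation above.
# Level names, compartments and function names are sample values chosen for this example.
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet


class Level(IntEnum):
    """Sensitivity/clearance ordering from the text: Top Secret > Secret > Confidential > Unclassified."""
    UNCLASSIFIED = 0   # s0
    CONFIDENTIAL = 1   # s1
    SECRET = 2         # s2
    TOP_SECRET = 3     # s3


@dataclass(frozen=True)
class Label:
    level: Level
    compartments: FrozenSet[str]

    @classmethod
    def parse(cls, text: str) -> "Label":
        """Parse the page's notation, e.g. 'TOP SECRET [VENUS ALPHA]' or plain 'SECRET'."""
        name, _, rest = text.partition("[")
        comps = frozenset(rest.rstrip("] ").split()) if rest else frozenset()
        return cls(Level[name.strip().upper().replace(" ", "_")], comps)

    def dominates(self, other: "Label") -> bool:
        """Label one dominates label two when level(one) >= level(two) and
        compartments(one) & compartments(two) == compartments(two)."""
        return (self.level >= other.level
                and (self.compartments & other.compartments) == other.compartments)

    def strictly_dominates(self, other: "Label") -> bool:
        """Dominates but is not equal (dominance includes equality)."""
        return self.dominates(other) and self != other

    def incomparable(self, other: "Label") -> bool:
        """Neither label dominates the other: no information may flow in either direction."""
        return not self.dominates(other) and not other.dominates(self)

    def join(self, other: "Label") -> "Label":
        """Least upper bound in the MLS lattice: the lowest label that dominates both."""
        return Label(max(self.level, other.level), self.compartments | other.compartments)

    def __str__(self) -> str:
        comps = " ".join(sorted(self.compartments))
        name = self.level.name.replace("_", " ")
        return f"{name} [{comps}]" if comps else name


def compare(a: str, b: str) -> str:
    """Classify the relation of label a to label b."""
    la, lb = Label.parse(a), Label.parse(b)
    if la == lb:
        return "equal"
    if la.dominates(lb):
        return "dominates"
    if lb.dominates(la):
        return "dominated by"
    return "incomparable"


def may_read(clearance: str, object_label: str) -> bool:
    """MAC read rule: a subject may read an object only if its clearance dominates the
    object's label. An incomparable label is denied, as the text states."""
    return Label.parse(clearance).dominates(Label.parse(object_label))


if __name__ == "__main__":
    for a, b in [("TOP SECRET [VENUS ALPHA]", "SECRET [VENUS ALPHA]"),
                 ("TOP SECRET [VENUS ALPHA]", "TOP SECRET [VENUS]"),
                 ("TOP SECRET [VENUS]", "SECRET [ALPHA]")]:
        print(f"{a:26} {compare(a, b):13} {b}")
    print("join:", Label.parse("TOP SECRET [VENUS]").join(Label.parse("SECRET [ALPHA]")))
```

Running the block prints the three comparisons from the text (the first two "dominates", the third "incomparable") and the join TOP SECRET [ALPHA VENUS], which is the smallest label a subject would need in order to read both incomparable objects.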


NEW QUESTION 140 
- (Topic 1) 
Which of the following exemplifies proper separation of duties? 


A. Operators are not permitted to modify the system time. 

B. Programmers are permitted to use the system console. 

C. Console operators are permitted to mount tapes and disks. 
D. Tape operators are permitted to use the system console. 
Answer: A 


Explanation: 

This is an example of Separation of Duties because operators are prevented from modifying the system time, which could lead to fraud. Tasks of this nature should 
be performed by the system administrators. 

AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a 
risky task by himself. 

The following answers are incorrect: 

Programmers are permitted to use the system console. Is incorrect because programmers should not be permitted to use the system console; this task should be 
performed by operators. Allowing programmers access to the system console could allow fraud to occur, so this is not an example of Separation of Duties. 

Console operators are permitted to mount tapes and disks. Is incorrect because operators should be able to mount tapes and disks, so this is not an example of 
Separation of Duties. 

Tape operators are permitted to use the system console. Is incorrect because operators should be able to use the system console so this is not an example of 
Separation of Duties. 

References: 

OIG CBK Access Control (page 98 - 101) AIOv3 Access Control (page 182) 


NEW QUESTION 141 
- (Topic 1) 
Kerberos is vulnerable to replay in which of the following circumstances? 


A. When a private key is compromised within an allotted time window. 
B. When a public key is compromised within an allotted time window. 
C. When a ticket is compromised within an allotted time window. 

D. When the KDC is compromised within an allotted time window. 


Answer: C 


Explanation: 

Replay can be accomplished on Kerberos if the compromised tickets are used within an allotted time window. 

The security depends on careful implementation: enforcing limited lifetimes for authentication credentials minimizes the threat of replayed credentials, the KDC 
must be physically secured, and it should be hardened, not permitting any non-Kerberos activities. 

Reference: 

Official ISC2 Guide to the CISSP, 2007 Edition, page 184 also see: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42. 


NEW QUESTION 142 
- (Topic 1) 
What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system? 


A. False Rejection Rate (FRR) or Type I Error 

B. False Acceptance Rate (FAR) or Type II Error 
C. Crossover Error Rate (CER) 

D. True Rejection Rate (TRR) or Type III Error 


Answer: A 


Explanation: 
The percentage of valid subjects that are falsely rejected is called the False Rejection Rate (FRR) or Type I Error. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38. 


NEW QUESTION 144 
- (Topic 1) 
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? 


A. Wave pattern motion detectors 
B. Capacitance detectors 

C. Field-powered devices 

D. Audio detectors 


Answer: B 


Explanation: 

Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather 
than for the overall room security monitoring provided by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an 
alarm. Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to the receiver. Field-
powered devices are a type of personnel access control device. Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an 
alarm. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: 

Physical security (page 344). 


NEW QUESTION 146 
- (Topic 1) 
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to 
both the local police/fire station and the appropriate headquarters? 


A. Central station alarm 
B. Proprietary alarm 
C. A remote station alarm 
D. An auxiliary station alarm 


Answer: D 


Explanation: 

Auxiliary station alarms automatically cause an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying 
to both the local police/fire station and the appropriate headquarters. They are usually municipal fire alarm boxes installed at your business or building and 
wired directly into the fire station. 

Central station alarms are operated by private security organizations. This is very similar to a proprietary alarm system (see below); however, the biggest difference is 
that the monitoring and receiving of alarms is done off site at a central location manned by non-staff members. It is a third party. 

Proprietary alarms are similar to central station alarms except that monitoring is performed directly on the protected property. This type of alarm is usually used to 
protect large industrial or commercial buildings. Each of the buildings in the same vicinity has its own alarm system, and they are all wired together at a central 
location within one of the buildings acting as a common receiving point. This point is usually far away from the other buildings so it is not exposed to the same danger. It is 
usually manned 24 hours a day by a trained team who know how to react under different conditions. 

A remote station alarm is a direct connection between the signal-initiating device at the protected property and the signal-receiving device located at a remote 
station, such as the fire station or usually a monitoring service. This is the most popular type of implementation and the owner of the premise must pay a monthly 
monitoring fee. This is what most people use in their home where they get a company like ADT to receive the alarms on their behalf. 

A remote system differs from an auxiliary system in that it does not use the municipal fire or police alarm circuits. 

Reference(s) used for this question: 

ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 11: Physical Security (page 211). 

and 

Great presentation J.T.A. Stone on SlideShare 


NEW QUESTION 147 
- (Topic 1) 
Access Control techniques do not include which of the following? 


A. Rule-Based Access Controls 

B. Role-Based Access Control 

C. Mandatory Access Control 

D. Random Number Based Access Control 


Answer: D 


Explanation: 

Access Control Techniques: 

Discretionary Access Control 
Mandatory Access Control 
Lattice Based Access Control 
Rule-Based Access Control 
Role-Based Access Control 

Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13. 


NEW QUESTION 150 
- (Topic 1) 
Which of the following is not a preventive login control? 


A. Last login message 

B. Password aging 

C. Minimum password length 
D. Account expiration 


Answer: A 


Explanation: 

The last login message displays the last login date and time, allowing a user to discover if their account was used by someone else. Hence, this is rather a 
detective control. 

Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 63). 


NEW QUESTION 155 
- (Topic 1) 
A confidential number used as an authentication factor to verify a user's identity is called a: 


A. PIN 

B. User ID 
C. Password 
D. Challenge 


Answer: A 


Explanation: 

PIN stands for Personal Identification Number; as the name states, it is a combination of numbers. 

The following answers are incorrect: 

User ID. This is incorrect because a user ID is not required to be a number, and a user ID is only used to establish identity, not to verify it. 
Password. This is incorrect because a password is not required to be a number; it could be any combination of characters. 
Challenge. This is incorrect because a challenge is not defined as a number; it could be anything. 


NEW QUESTION 156 
- (Topic 1) 
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished: 


A. through access control mechanisms that require identification and authentication and through the audit function. 




B. through logical or technical controls involving the restriction of access to systems and the protection of information. 
C. through logical or technical controls but not involving the restriction of access to systems and the protection of information. 
D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function. 


Answer: A 


Explanation: 

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms 
that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization's 
security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 161 
- (Topic 1) 
Which of the following is most appropriate to notify an internal user that session monitoring is being conducted? 


A. Logon Banners 

B. Wall poster 

C. Employee Handbook 
D. Written agreement 


Answer: D 


Explanation: 

This is a tricky question; the keyword in the question is internal users. 

There are two possible answers based on how the question is presented, this question could either apply to internal users or ANY anonymous/external users. 
Internal users should always have a written agreement first, then logon banners serve as a constant reminder. 

Banners at the log-on time should be used to notify external users of any monitoring that is being conducted. A good banner will give you a better legal stand and 
also makes it obvious the user was warned about who should access the system, who is authorized and unauthorized, and if it is an unauthorized user then he is 
fully aware of trespassing. Anonymous/External users, such as those logging into a web site, ftp server or even a mail server; their only notification system is the 
use of a logon banner. 

References used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 50. 

and 

Shon Harris, CISSP All-in-one, 5th edition, pg 873 


NEW QUESTION 162 
- (Topic 1) 
Which of the following Kerberos components holds all users' and services’ cryptographic keys? 


A. The Key Distribution Service 
B. The Authentication Service 
C. The Key Distribution Center 
D. The Key Granting Service 


Answer: C 


Explanation: 

The Key Distribution Center (KDC) holds all users' and services' cryptographic keys. It provides authentication services, as well as key distribution functionality. 
The Authentication Service is the part of the KDC that authenticates a principal. The Key Distribution Service and Key Granting Service are distracters and are not 
defined Kerberos components. 

Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3) 


NEW QUESTION 166 

- (Topic 1) 

Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants 
access control? 


A. DAC 

B. MAC 

C. Access control matrix 
D. TACACS 


Answer: B 


Explanation: 

MAC provides high security by regulating access based on the clearance of individual users and sensitivity labels for each object. Clearance levels and sensitivity 
levels cannot be modified by individual users -- for example, user Joe (SECRET clearance) cannot reclassify the "Presidential Doughnut Recipe” from "SECRET" 
to "CONFIDENTIAL" so that his friend Jane (CONFIDENTIAL clearance) can read it. The administrator is ultimately responsible for configuring this protection in 
accordance with security policy and directives from the Data Owner. 

DAC is incorrect. In DAC, the data owner is responsible for controlling access to the object. 

Access control matrix is incorrect. The access control matrix is a way of thinking about the access control needed by a population of subjects to a population of 
objects. This access control can be applied using rules, ACLs, capability tables, etc. 

TACACS is incorrect. TACACS is a tool for performing user authentication. 

References: 
CBK, p. 187, Domain 2: Access Control. AIO3, Chapter 4, Access Control. 


NEW QUESTION 171 
- (Topic 1) 
Which of the following statements pertaining to using Kerberos without any extension is false? 


A. A client can be impersonated by password-guessing. 
B. Kerberos is mostly a third-party authentication protocol. 
C. Kerberos uses public key cryptography. 

D. Kerberos provides robust authentication. 


Answer: C 


Explanation: 

Kerberos is a trusted, credential-based, third-party authentication protocol that uses symmetric (secret) key cryptography to provide robust authentication to clients 
accessing services on a network. 

Because a client's password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client. 
Here is a nice overview of how Kerberos is implemented, as described in RFC 4556: 

1. Introduction 

The Kerberos V5 protocol [RFC4120] involves use of a trusted third party known as the Key Distribution Center (KDC) to negotiate shared session keys between 
clients and services and provide mutual authentication between them. 

The corner-stones of Kerberos V5 are the Ticket and the Authenticator. A Ticket encapsulates a symmetric key (the ticket session key) in an envelope (a public 
message) intended for a specific service. The contents of the Ticket are encrypted with a symmetric key shared between the service principal and the issuing 
KDC. The encrypted part of the Ticket contains the client principal name, among other items. An Authenticator is a record that can be shown to have been recently 
generated using the ticket session key in the associated Ticket. The ticket session key is known by the client who requested the ticket. The contents of the 
Authenticator are encrypted with the associated ticket session key. The encrypted part of an Authenticator contains a timestamp and the client principal name, 
among other items. 

As shown in Figure 1, below, the Kerberos V5 protocol consists of the following message exchanges between the client and the KDC, and the client and the 
application service: 

The Authentication Service (AS) Exchange

The client obtains an "initial" ticket from the Kerberos authentication server (AS), typically a Ticket Granting Ticket (TGT). The AS-REQ message and the AS-REP message are the request and the reply message, respectively, between the client and the AS.

The Ticket Granting Service (TGS) Exchange

The client subsequently uses the TGT to authenticate and request a service ticket for a particular service, from the Kerberos ticket-granting server (TGS). The TGS-REQ message and the TGS-REP message are the request and the reply message, respectively, between the client and the TGS.

The Client/Server Authentication Protocol (AP) Exchange

The client then makes a request with an AP-REQ message, consisting of a service ticket and an authenticator that certifies the client's possession of the ticket session key. The server may optionally reply with an AP-REP message. AP exchanges typically negotiate session-specific symmetric keys.

Usually, the AS and TGS are integrated in a single device also known as the KDC. 


[Figure 1: ASCII diagram from RFC 4556, garbled in extraction. It shows the Client exchanging AS-REQ / AS-REP and TGS-REQ / TGS-REP with the KDC (which contains the AS and the TGS), and then AP-REQ / AP-REP with the Application Server.]


Figure 1: The Message Exchanges in the Kerberos V5 Protocol 

In the AS exchange, the KDC reply contains the ticket session key, among other items, that is encrypted using a key (the AS reply key) shared between the client 
and the KDC. The AS reply key is typically derived from the client's password for human users. Therefore, for human users, the attack resistance strength of the 
Kerberos protocol is no stronger than the strength of their passwords. 
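As an added example (not code from this page, from RFC 4556 or from any Kerberos implementation), the three exchanges above and the password-derived AS reply key modelled in Python: the realm, the principal names, the PBKDF2 string-to-key and the SHAKE-256/HMAC construction standing in for a Kerberos enctype are all assumptions of the example. A wrong password fails at the AS-REP decryption step, which is exactly why the protocol's resistance for human users is bounded by password strength.

```python
import hashlib, hmac, json, os, time

def as_reply_key(password, realm):  # string-to-key: the AS reply key comes from the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), realm.encode(), 1000)
def _xor(key, nonce, data):  # toy stream cipher keyed with SHAKE-256 output
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
def encrypt(key, obj):  # stand-in for a Kerberos enctype: encrypt-then-MAC of a JSON record
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered message")  # a wrong password ends up here
    return json.loads(_xor(key, nonce, ct))

def check_authenticator(auth, ticket_client, skew=300):
    if auth["client"] != ticket_client or abs(time.time() - auth["ts"]) > skew:
        raise ValueError("authenticator must name the ticket's client and be recent")

class KDC:  # AS and TGS integrated in a single device, as the excerpt says
    def __init__(self, realm, users, services):
        self.realm, self.services, self.tgs_key = realm, services, os.urandom(32)
        self.users = {u: as_reply_key(p, realm) for u, p in users.items()}
    def _issue(self, long_term_key, client, reply_key):
        sk = os.urandom(32).hex()  # ticket session key
        ticket = encrypt(long_term_key, {"client": client, "key": sk})  # public envelope
        return ticket, encrypt(reply_key, {"key": sk})  # (ticket, enc-part for the client)
    def as_exchange(self, client):  # AS-REQ -> AS-REP: TGT plus enc-part under the AS reply key
        return self._issue(self.tgs_key, client, self.users[client])
    def tgs_exchange(self, tgt, auth, service):  # TGS-REQ -> TGS-REP: service ticket
        t = decrypt(self.tgs_key, tgt)
        check_authenticator(decrypt(bytes.fromhex(t["key"]), auth), t["client"])
        return self._issue(self.services[service], t["client"], bytes.fromhex(t["key"]))

def ap_exchange(service_key, ticket, auth):  # AP-REQ -> AP-REP, run by the application service
    t = decrypt(service_key, ticket)
    a = decrypt(bytes.fromhex(t["key"]), auth)
    check_authenticator(a, t["client"])
    return encrypt(bytes.fromhex(t["key"]), {"ts": a["ts"]}), t["client"]

def client_session(kdc, client, password, service):  # AS, TGS, then AP; returns accepted name
    auth = lambda key: encrypt(key, {"client": client, "ts": time.time()})
    tgt, rep = kdc.as_exchange(client)
    tgt_key = bytes.fromhex(decrypt(as_reply_key(password, kdc.realm), rep)["key"])
    tkt, rep = kdc.tgs_exchange(tgt, auth(tgt_key), service)
    svc_key = bytes.fromhex(decrypt(tgt_key, rep)["key"])
    ap_rep, who = ap_exchange(kdc.services[service], tkt, auth(svc_key))  # service side, in-process
    decrypt(svc_key, ap_rep)  # mutual authentication: the service proved it holds the session key
    return who
```

Run with a constructed realm such as `KDC("EXAMPLE.REALM", {"alice": "<password>"}, {"host/files": os.urandom(32)})`; `client_session` returns "alice" for the right password and raises ValueError from `decrypt` for any other.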

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 40). 

And 

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 147-151). 

and http://www.ietf.org/rfc/rfc4556.txt